diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6ea1bb857..d82b1ac77 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -209,7 +209,7 @@ module "project" { ] } iam = { - "roles/editor" = [ + "roles/editor" = [ "serviceAccount:${module.project.service_accounts.cloud_services}" ] } @@ -236,7 +236,7 @@ module "project" { source = "./modules/project" name = "project-example" iam = { - "roles/editor" = [ + "roles/editor" = [ "serviceAccount:${module.project.service_accounts.cloud_services}" ] } @@ -543,7 +543,7 @@ locals { #### The `prefix` variable -If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all code: +If you would like to use a "prefix" variable for resource names, please keep its definition consistent across all modules: ```hcl # variables.tf variable "prefix" { @@ -551,8 +551,8 @@ variable "prefix" { type = string default = null validation { - condition = var.prefix != "" - error_message = "Prefix can not be empty, please use null instead." + condition = var.prefix != "" + error_message = "Prefix cannot be empty, please use null instead." } } @@ -562,6 +562,18 @@ locals { } ``` +For blueprints the prefix is mandatory: +```hcl +variable "prefix" { + description = "Prefix used for resource names." + type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } +} +``` + ### Interacting with checks, tests and tools Our modules are designed for composition and live in a monorepo together with several end-to-end blueprints, so it was inevitable that over time we found ways of ensuring that a change does not break consumers. diff --git a/blueprints/cloud-operations/adfs/README.md b/blueprints/cloud-operations/adfs/README.md index 893dc155c..b18f60fee 100644 --- a/blueprints/cloud-operations/adfs/README.md +++ b/blueprints/cloud-operations/adfs/README.md 
@@ -54,18 +54,18 @@ Once done testing, you can clean up resources by running `terraform destroy`. |---|---|:---:|:---:|:---:| | [ad_dns_domain_name](variables.tf#L15) | AD DNS domain name. | string | ✓ | | | [adfs_dns_domain_name](variables.tf#L26) | ADFS DNS domain name. | string | ✓ | | -| [project_id](variables.tf#L79) | Host project ID. | string | ✓ | | +| [prefix](variables.tf#L64) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L82) | Host project ID. | string | ✓ | | | [ad_ip_cidr_block](variables.tf#L20) | Managed AD IP CIDR block. | string | | "10.0.0.0/24" | | [disk_size](variables.tf#L31) | Disk size. | number | | 50 | | [disk_type](variables.tf#L37) | Disk type. | string | | "pd-ssd" | | [image](variables.tf#L43) | Image. | string | | "projects/windows-cloud/global/images/family/windows-2022" | | [instance_type](variables.tf#L49) | Instance type. | string | | "n1-standard-2" | | [network_config](variables.tf#L55) | Network configuration | object({…}) | | null | -| [prefix](variables.tf#L64) | Prefix for the resources created. | string | | null | -| [project_create](variables.tf#L70) | Parameters for the creation of the new project. | object({…}) | | null | -| [region](variables.tf#L84) | Region. | string | | "europe-west1" | -| [subnet_ip_cidr_block](variables.tf#L90) | Subnet IP CIDR block. | string | | "10.0.1.0/28" | -| [zone](variables.tf#L96) | Zone. | string | | "europe-west1-c" | +| [project_create](variables.tf#L73) | Parameters for the creation of the new project. | object({…}) | | null | +| [region](variables.tf#L87) | Region. | string | | "europe-west1" | +| [subnet_ip_cidr_block](variables.tf#L93) | Subnet IP CIDR block. | string | | "10.0.1.0/28" | +| [zone](variables.tf#L99) | Zone. | string | | "europe-west1-c" | ## Outputs diff --git a/blueprints/cloud-operations/adfs/main.tf b/blueprints/cloud-operations/adfs/main.tf index beb06fbdd..bcfc753dd 100644 --- a/blueprints/cloud-operations/adfs/main.tf 
+++ b/blueprints/cloud-operations/adfs/main.tf @@ -12,10 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -locals { - prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-" -} - module "project" { source = "../../../modules/project" billing_account = ( @@ -41,7 +37,7 @@ module "vpc" { count = var.network_config == null ? 1 : 0 source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}vpc" + name = "${var.prefix}-vpc" subnets = [ { ip_cidr_range = var.subnet_ip_cidr_block @@ -98,7 +94,7 @@ module "server" { module "glb" { source = "../../../modules/net-glb" - name = "${local.prefix}glb" + name = "${var.prefix}-glb" project_id = module.project.project_id https = true diff --git a/blueprints/cloud-operations/adfs/variables.tf b/blueprints/cloud-operations/adfs/variables.tf index 4ac2fdc15..95a121d0c 100644 --- a/blueprints/cloud-operations/adfs/variables.tf +++ b/blueprints/cloud-operations/adfs/variables.tf @@ -62,9 +62,12 @@ variable "network_config" { } variable "prefix" { - description = "Prefix for the resources created." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/cloud-operations/dns-shared-vpc/README.md b/blueprints/cloud-operations/dns-shared-vpc/README.md index d2923e652..9dc4c2ea6 100644 --- a/blueprints/cloud-operations/dns-shared-vpc/README.md +++ b/blueprints/cloud-operations/dns-shared-vpc/README.md 
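Review bot: The new `name = "${var.prefix}-vpc"` in the vpc hunk and `name = "${var.prefix}-glb"` in the glb hunk interpolate `var.prefix` straight into Google Cloud resource names, while the only check the companion variables.tf hunk adds is `var.prefix != ""`, so a prefix with characters the API rejects (uppercase, underscores, a trailing hyphen) is caught at apply time instead of at plan. A character-set validation on the variable would move that failure forward, for example `condition = can(regex("^[a-z][a-z0-9-]*$", var.prefix))` (constructed example; adjust to the naming rules the blueprint relies on). The first hunk deletes the `locals { prefix = ... }` block that previously normalised a null or empty prefix, so any `local.prefix` reference left in this blueprint outside the three hunks shown would now be unresolved; worth a grep before merging. Each `module` block touched here continues outside its hunk.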
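Review bot: The added `validation` block rejects `""` but not an explicit `null`: with `default` removed and no `nullable = false`, Terraform still accepts `prefix = null` (`null != ""` evaluates to true), and the failure only surfaces when main.tf interpolates `"${var.prefix}-vpc"`. If the blueprints target Terraform 1.1 or later, adding `nullable = false` next to `type = string` turns that into a variable error at plan time. The same applies to the parallel `prefix` hunks in dns-shared-vpc (root and examples/shared-vpc-example), network-dashboard (root and tests), cloudsql-multiregion, composer-2, data-platform-foundations, data-playground and gcs-to-bq-with-least-privileges, and to the blueprint snippet added to CONTRIBUTING.md. Separately, several of those hunks replace descriptions that stated the prefix is not applied to the project id when `project_create` is null with the generic `Prefix used for resource names.`; if that behaviour is unchanged, the new description hides it and `Prefix used for resource names; not applied to the project id when project_create is null.` would keep the caveat.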
@@ -26,11 +26,11 @@ Note that Terraform 0.13 at least is required due to the use of `for_each` with |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L17) | Billing account associated with the GCP Projects that will be created for each team. | string | ✓ | | | [folder_id](variables.tf#L28) | Folder ID in which DNS projects will be created. | string | ✓ | | -| [shared_vpc_link](variables.tf#L48) | Shared VPC self link, used for DNS peering. | string | ✓ | | +| [prefix](variables.tf#L33) | Prefix used for resource names. | string | ✓ | | +| [shared_vpc_link](variables.tf#L51) | Shared VPC self link, used for DNS peering. | string | ✓ | | | [dns_domain](variables.tf#L22) | DNS domain under which each application team DNS domain will be created. | string | | "example.org" | -| [prefix](variables.tf#L33) | Customer name to use as prefix for resources' naming. | string | | "test-dns" | -| [project_services](variables.tf#L39) | Service APIs enabled by default. | list(string) | | […] | -| [teams](variables.tf#L53) | List of application teams requiring their own Cloud DNS instance. | list(string) | | […] | +| [project_services](variables.tf#L42) | Service APIs enabled by default. | list(string) | | […] | +| [teams](variables.tf#L56) | List of application teams requiring their own Cloud DNS instance. | list(string) | | […] | ## Outputs diff --git a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf index 7c0f7ed92..90220e3df 100644 --- a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf +++ b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/variables.tf 
@@ -50,8 +50,12 @@ variable "billing_account" {
 }
 
 variable "prefix" {
- description = "Customer name to use as prefix for resources' naming."
- default = "test-dns"
+ description = "Prefix used for resource names."
+ type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 
 variable "dns_domain" {
diff --git a/blueprints/cloud-operations/dns-shared-vpc/variables.tf b/blueprints/cloud-operations/dns-shared-vpc/variables.tf
index f74acfde0..63a0ab949 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/variables.tf
+++ b/blueprints/cloud-operations/dns-shared-vpc/variables.tf
@@ -31,9 +31,12 @@ variable "folder_id" {
 }
 
 variable "prefix" {
- description = "Customer name to use as prefix for resources' naming."
+ description = "Prefix used for resource names."
 type = string
- default = "test-dns"
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 
 variable "project_services" {
diff --git a/blueprints/cloud-operations/network-dashboard/README.md b/blueprints/cloud-operations/network-dashboard/README.md
index cc0557c18..179ae9c88 100644
--- a/blueprints/cloud-operations/network-dashboard/README.md
+++ b/blueprints/cloud-operations/network-dashboard/README.md
@@ -92,12 +92,12 @@ If you are interested in this and/or would like to contribute, please contact le | [billing_account](variables.tf#L17) | The ID of the billing account to associate this project with | | ✓ | | | [monitored_projects_list](variables.tf#L36) | ID of the projects to be monitored (where limits and quotas data will be pulled) | list(string) | ✓ | | | [organization_id](variables.tf#L46) | The organization id for the associated services | | ✓ | | -| [prefix](variables.tf#L50) | Customer name to use as prefix for monitoring project | | ✓ | | +| [prefix](variables.tf#L50) | Prefix used for resource names. | string | ✓ | | | [cf_version](variables.tf#L21) | Cloud Function version 2nd Gen or 1st Gen. Possible options: 'V1' or 'V2'.Use CFv2 if your Cloud Function timeouts after 9 minutes. By default it is using CFv1. | | | V1 | | [monitored_folders_list](variables.tf#L30) | ID of the projects to be monitored (where limits and quotas data will be pulled) | list(string) | | [] | | [monitoring_project_id](variables.tf#L41) | Monitoring project where the dashboard will be created and the solution deployed; a project will be created if set to empty string | | | | -| [project_monitoring_services](variables.tf#L54) | Service APIs enabled in the monitoring project if it will be created. | | | […] | -| [region](variables.tf#L76) | Region used to deploy the cloud functions and scheduler | | | europe-west1 | -| [schedule_cron](variables.tf#L81) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | | | */10 * * * * | +| [project_monitoring_services](variables.tf#L59) | Service APIs enabled in the monitoring project if it will be created. | | | […] | +| [region](variables.tf#L81) | Region used to deploy the cloud functions and scheduler | | | europe-west1 | +| [schedule_cron](variables.tf#L86) | Cron format schedule to run the Cloud Function. Default is every 10 minutes. | | | */10 * * * * | 
diff --git a/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py b/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py
index 8987b4cb8..edd4a50b3 100644
--- a/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py
+++ b/blueprints/cloud-operations/network-dashboard/cloud-function/metrics/limits.py
@@ -187,7 +187,7 @@ def count_effective_limit(config, project_id, network_dict, usage_metric_name,
 for peered_network in network_dict['peerings']:
 if 'usage' not in peered_network:
 print(
- f"Can not add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions"
+ f"Cannot add metrics for peered network in projects/{project_id} as no usage metrics exist due to missing permissions"
 )
 continue
 peering_group_usage += peered_network['usage']
diff --git a/blueprints/cloud-operations/network-dashboard/tests/variables.tf b/blueprints/cloud-operations/network-dashboard/tests/variables.tf
index a895d284c..dd01b29fd 100644
--- a/blueprints/cloud-operations/network-dashboard/tests/variables.tf
+++ b/blueprints/cloud-operations/network-dashboard/tests/variables.tf
@@ -23,7 +23,12 @@ variable "billing_account" {
 }
 
 variable "prefix" {
- description = "Customer name to use as prefix for resources' naming"
+ description = "Prefix used for resource names."
+ type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 
 variable "project_vm_services" {
diff --git a/blueprints/cloud-operations/network-dashboard/variables.tf b/blueprints/cloud-operations/network-dashboard/variables.tf
index de32ab1e0..9c279b9d6 100644
--- a/blueprints/cloud-operations/network-dashboard/variables.tf
+++ b/blueprints/cloud-operations/network-dashboard/variables.tf
@@ -48,7 +48,12 @@ variable "organization_id" {
 }
 
 variable "prefix" {
- description = "Customer name to use as prefix for monitoring project"
+ description = "Prefix used for resource names."
+ type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 
 variable "project_monitoring_services" {
diff --git a/blueprints/data-solutions/cloudsql-multiregion/README.md b/blueprints/data-solutions/cloudsql-multiregion/README.md
index 1fc060087..821d9a844 100644
--- a/blueprints/data-solutions/cloudsql-multiregion/README.md
+++ b/blueprints/data-solutions/cloudsql-multiregion/README.md
@@ -143,15 +143,15 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [postgres_user_password](variables.tf#L40) | `postgres` user password. | string | ✓ | | -| [prefix](variables.tf#L45) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L59) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L45) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L63) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [data_eng_principals](variables.tf#L17) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string) | | [] | | [network_config](variables.tf#L23) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | | [postgres_database](variables.tf#L34) | `postgres` database. | string | | "guestbook" | -| [project_create](variables.tf#L50) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [regions](variables.tf#L64) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | -| [service_encryption_keys](variables.tf#L77) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | -| [sql_configuration](variables.tf#L83) | Cloud SQL configuration | object({…}) | | {…} | +| [project_create](variables.tf#L54) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. 
| object({…}) | | null | +| [regions](variables.tf#L68) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} | +| [service_encryption_keys](variables.tf#L81) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion configured. | map(string) | | null | +| [sql_configuration](variables.tf#L87) | Cloud SQL configuration | object({…}) | | {…} | ## Outputs diff --git a/blueprints/data-solutions/cloudsql-multiregion/variables.tf b/blueprints/data-solutions/cloudsql-multiregion/variables.tf index aa91afbf7..d05f1bac7 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/variables.tf +++ b/blueprints/data-solutions/cloudsql-multiregion/variables.tf @@ -43,8 +43,12 @@ variable "postgres_user_password" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/data-solutions/composer-2/README.md b/blueprints/data-solutions/composer-2/README.md index 08a8643d6..bc51aaa4f 100644 --- a/blueprints/data-solutions/composer-2/README.md +++ b/blueprints/data-solutions/composer-2/README.md 
@@ -96,14 +96,14 @@ service_encryption_keys = { | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L78) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L92) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L78) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L96) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [composer_config](variables.tf#L17) | Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables. | object({…}) | | {…} | | [iam_groups_map](variables.tf#L58) | Map of Role => groups to be added on the project. Example: { \"roles/composer.admin\" = [\"group:gcp-data-engineers@example.com\"]}. | map(list(string)) | | null | | [network_config](variables.tf#L64) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [project_create](variables.tf#L83) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L97) | Reagion where instances will be deployed. | string | | "europe-west1" | -| [service_encryption_keys](variables.tf#L103) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | map(string) | | null | +| [project_create](variables.tf#L87) | Provide values if project creation is needed, uses existing project if null. 
Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L101) | Reagion where instances will be deployed. | string | | "europe-west1" | +| [service_encryption_keys](variables.tf#L107) | Cloud KMS keys to use to encrypt resources. Provide a key for each reagion in use. | map(string) | | null | ## Outputs diff --git a/blueprints/data-solutions/composer-2/main.tf b/blueprints/data-solutions/composer-2/main.tf index 407eb5f23..a9ee619c6 100644 --- a/blueprints/data-solutions/composer-2/main.tf +++ b/blueprints/data-solutions/composer-2/main.tf @@ -22,7 +22,6 @@ locals { }, var.iam_groups_map ) - # Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account _shared_vpc_bindings = { "roles/compute.networkUser" = [ diff --git a/blueprints/data-solutions/composer-2/variables.tf b/blueprints/data-solutions/composer-2/variables.tf index db7ac55aa..6ff0ff461 100644 --- a/blueprints/data-solutions/composer-2/variables.tf +++ b/blueprints/data-solutions/composer-2/variables.tf @@ -76,8 +76,12 @@ variable "network_config" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md index 35b4c9508..8da143b29 100644 --- a/blueprints/data-solutions/data-platform-foundations/README.md +++ b/blueprints/data-solutions/data-platform-foundations/README.md 
@@ -249,17 +249,17 @@ You can find examples in the `[demo](./demo)` folder. | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | | [folder_id](variables.tf#L53) | Folder to be used for the networking resources in folders/nnnn format. | string | ✓ | | | [organization_domain](variables.tf#L98) | Organization domain. | string | ✓ | | -| [prefix](variables.tf#L103) | Unique prefix used for resource names. | string | ✓ | | +| [prefix](variables.tf#L103) | Prefix used for resource names. | string | ✓ | | | [composer_config](variables.tf#L22) | Cloud Composer config. | object({…}) | | {…} | | [data_catalog_tags](variables.tf#L36) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {…} | | [data_force_destroy](variables.tf#L47) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false | | [groups](variables.tf#L58) | User groups. | map(string) | | {…} | | [location](variables.tf#L68) | Location used for multi-regional resources. | string | | "eu" | | [network_config](variables.tf#L74) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [project_services](variables.tf#L108) | List of core services enabled on all projects. | list(string) | | […] | -| [project_suffix](variables.tf#L119) | Suffix used only for project ids. | string | | null | -| [region](variables.tf#L125) | Region used for regional resources. | string | | "europe-west1" | -| [service_encryption_keys](variables.tf#L131) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | +| [project_services](variables.tf#L112) | List of core services enabled on all projects. | list(string) | | […] | +| [project_suffix](variables.tf#L123) | Suffix used only for project ids. 
| string | | null | +| [region](variables.tf#L129) | Region used for regional resources. | string | | "europe-west1" | +| [service_encryption_keys](variables.tf#L135) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | ## Outputs diff --git a/blueprints/data-solutions/data-platform-foundations/variables.tf b/blueprints/data-solutions/data-platform-foundations/variables.tf index adf3c7e49..80e7b65cf 100644 --- a/blueprints/data-solutions/data-platform-foundations/variables.tf +++ b/blueprints/data-solutions/data-platform-foundations/variables.tf @@ -101,8 +101,12 @@ variable "organization_domain" { } variable "prefix" { - description = "Unique prefix used for resource names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_services" { diff --git a/blueprints/data-solutions/data-playground/README.md b/blueprints/data-solutions/data-playground/README.md index 950484a93..79455dd3d 100644 --- a/blueprints/data-solutions/data-playground/README.md +++ b/blueprints/data-solutions/data-playground/README.md 
@@ -47,12 +47,12 @@ You can now connect to the Vertex AI notbook to perform your data analysy. | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L22) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L36) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L22) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L40) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [location](variables.tf#L16) | The location where resources will be deployed. | string | | "EU" | -| [project_create](variables.tf#L27) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | object({…}) | | null | -| [region](variables.tf#L41) | The region where resources will be deployed. | string | | "europe-west1" | -| [vpc_config](variables.tf#L57) | Parameters to create a VPC. | object({…}) | | {…} | +| [project_create](variables.tf#L31) | Provide values if project creation is needed, uses existing project if null. Parent format: folders/folder_id or organizations/org_id | object({…}) | | null | +| [region](variables.tf#L45) | The region where resources will be deployed. | string | | "europe-west1" | +| [vpc_config](variables.tf#L61) | Parameters to create a VPC. | object({…}) | | {…} | ## Outputs diff --git a/blueprints/data-solutions/data-playground/main.tf b/blueprints/data-solutions/data-playground/main.tf index a561c1d63..2622742e6 100644 --- a/blueprints/data-solutions/data-playground/main.tf +++ b/blueprints/data-solutions/data-playground/main.tf 
@@ -113,7 +113,7 @@ module "bucket" { module "dataset" { source = "../../../modules/bigquery-dataset" project_id = module.project.project_id - id = "${var.prefix}_data" + id = "${replace(var.prefix, "-", "_")}_data" encryption_key = try(local.service_encryption_keys.bq, null) # Example assignment of an encryption key } diff --git a/blueprints/data-solutions/data-playground/variables.tf b/blueprints/data-solutions/data-playground/variables.tf index 1c410ae27..5ee664238 100644 --- a/blueprints/data-solutions/data-playground/variables.tf +++ b/blueprints/data-solutions/data-playground/variables.tf @@ -20,8 +20,12 @@ variable "location" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md index b062f4e3f..54f47ecab 100644 --- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md +++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/README.md 
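Review bot: `id = "${replace(var.prefix, "-", "_")}_data"` only rewrites hyphens, yet the prefix validation added in this commit (`var.prefix != ""`) admits any other character, so a prefix containing e.g. a dot still yields a dataset id BigQuery rejects at apply time. Either validate the prefix character set on the variable or make the sanitisation total, e.g. `id = "${replace(var.prefix, "/[^a-zA-Z0-9_]/", "_")}_data"`, which uses the regex form of replace. Note that mapping every non-word character to `_` lets two different prefixes collide on the same dataset id, so the variable-level validation is the safer of the two options.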
@@ -193,14 +193,14 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [prefix](variables.tf#L36) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | | -| [project_id](variables.tf#L50) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [prefix](variables.tf#L36) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L54) | Project id, references existing project if `project_create` is null. | string | ✓ | | | [cmek_encryption](variables.tf#L15) | Flag to enable CMEK on GCP resources created. | bool | | false | | [data_eng_principals](variables.tf#L21) | Groups with Service Account Token creator role on service accounts in IAM format, eg 'group:group@domain.com'. | list(string) | | [] | | [network_config](variables.tf#L27) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null | -| [project_create](variables.tf#L41) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | -| [region](variables.tf#L55) | The region where resources will be deployed. | string | | "europe-west1" | -| [vpc_subnet_range](variables.tf#L61) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | +| [project_create](variables.tf#L45) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L59) | The region where resources will be deployed. | string | | "europe-west1" | +| [vpc_subnet_range](variables.tf#L65) | Ip range used for the VPC subnet created for the example. | string | | "10.0.0.0/20" | ## Outputs 
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
index 026e07b69..97d3de77f 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/variables.tf
@@ -34,8 +34,12 @@ variable "network_config" {
 }
 
 variable "prefix" {
- description = "Unique prefix used for resource names. Not used for project if 'project_create' is null."
+ description = "Prefix used for resource names."
 type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 
 variable "project_create" {
diff --git a/blueprints/data-solutions/sqlserver-alwayson/README.md b/blueprints/data-solutions/sqlserver-alwayson/README.md
index ba1916c7d..f3ef9d851 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/README.md
+++ b/blueprints/data-solutions/sqlserver-alwayson/README.md
@@ -38,9 +38,10 @@ and to `C:\GcpSetupLog.txt` file. | [ad_domain_fqdn](variables.tf#L15) | Active Directory domain (FQDN) | string | ✓ | | | [ad_domain_netbios](variables.tf#L24) | Active Directory domain (NetBIOS) | string | ✓ | | | [network](variables.tf#L90) | Network to use in the project | string | ✓ | | -| [project_id](variables.tf#L128) | Google Cloud project ID | string | ✓ | | -| [sql_admin_password](variables.tf#L145) | Password for the SQL admin user to be created | string | ✓ | | -| [subnetwork](variables.tf#L160) | Subnetwork to use in the project | string | ✓ | | +| [prefix](variables.tf#L113) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L131) | Google Cloud project ID | string | ✓ | | +| [sql_admin_password](variables.tf#L148) | Password for the SQL admin user to be created | string | ✓ | | +| [subnetwork](variables.tf#L163) | Subnetwork to use in the project | string | ✓ | | | [always_on_groups](variables.tf#L33) | List of Always On Groups | list(string) | | ["bookshelf"] | | [boot_disk_size](variables.tf#L39) | Boot disk size in GB | number | | 50 | | [cluster_name](variables.tf#L45) | Cluster name (prepended with prefix) | string | | "cluster" | 
@@ -52,15 +53,14 @@ and to `C:\GcpSetupLog.txt` file.
 | [node_image](variables.tf#L95) | SQL Server node machine image | string | | "projects/windows-sql-cloud/global/images/family/sql-ent-2019-win-2019" |
 | [node_instance_type](variables.tf#L101) | SQL Server database node instance type | string | | "n2-standard-8" |
 | [node_name](variables.tf#L107) | Node base name | string | | "node" |
-| [prefix](variables.tf#L113) | Prefix used for resources (for multiple clusters in a project) | string | | "aog" |
-| [project_create](variables.tf#L119) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null |
-| [region](variables.tf#L133) | Region for resources | string | | "europe-west4" |
-| [shared_vpc_project_id](variables.tf#L139) | Shared VPC project ID for firewall rules | string | | null |
-| [sql_client_cidrs](variables.tf#L154) | CIDR ranges that are allowed to connect to SQL Server | list(string) | | ["0.0.0.0/0"] |
-| [vpc_ip_cidr_range](variables.tf#L165) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" |
-| [witness_image](variables.tf#L171) | SQL Server witness machine image | string | | "projects/windows-cloud/global/images/family/windows-2019" |
-| [witness_instance_type](variables.tf#L177) | SQL Server witness node instance type | string | | "n2-standard-2" |
-| [witness_name](variables.tf#L183) | Witness base name | string | | "witness" |
+| [project_create](variables.tf#L122) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format.
| object({…}) | | null |
+| [region](variables.tf#L136) | Region for resources | string | | "europe-west4" |
+| [shared_vpc_project_id](variables.tf#L142) | Shared VPC project ID for firewall rules | string | | null |
+| [sql_client_cidrs](variables.tf#L157) | CIDR ranges that are allowed to connect to SQL Server | list(string) | | ["0.0.0.0/0"] |
+| [vpc_ip_cidr_range](variables.tf#L168) | Ip range used in the subnet deployef in the Service Project. | string | | "10.0.0.0/20" |
+| [witness_image](variables.tf#L174) | SQL Server witness machine image | string | | "projects/windows-cloud/global/images/family/windows-2019" |
+| [witness_instance_type](variables.tf#L180) | SQL Server witness node instance type | string | | "n2-standard-2" |
+| [witness_name](variables.tf#L186) | Witness base name | string | | "witness" |
 ## Outputs
diff --git a/blueprints/data-solutions/sqlserver-alwayson/instances.tf b/blueprints/data-solutions/sqlserver-alwayson/instances.tf
index bde266629..40f26e95d 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/instances.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/instances.tf
@@ -30,8 +30,8 @@ locals {
 managed_ad_dn_path = var.managed_ad_dn != "" ? "-Path \"${var.managed_ad_dn}\"" : ""
 health_check_port = var.health_check_port
 sql_admin_password_secret = local._secret_parts[length(local._secret_parts) - 1]
- cluster_ip = module.ip-addresses.internal_addresses["${local.prefix}cluster"].address
- loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${local.prefix}lb-${aog}"].address })
+ cluster_ip = module.ip-addresses.internal_addresses["${var.prefix}-cluster"].address
+ loadbalancer_ips = jsonencode({ for aog in var.always_on_groups : aog => module.ip-addresses.internal_addresses["${var.prefix}-lb-${aog}"].address })
 sql_cluster_name = local.cluster_netbios_name
 sql_cluster_full = local.cluster_full_name
 node_netbios_1 = local.node_netbios_names[0]
@@ -43,7 +43,7 @@ locals {
 _template_vars = merge(local._template_vars0, { functions = local._functions })
- _user_name = "${local.prefix}sqlserver"
+ _user_name = "${var.prefix}-sqlserver"
 scripts = { for script in local._scripts : script => templatefile("${path.module}/scripts/${script}.ps1", local._template_vars)
diff --git a/blueprints/data-solutions/sqlserver-alwayson/main.tf b/blueprints/data-solutions/sqlserver-alwayson/main.tf
index 6485b46dd..4a2550153 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/main.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/main.tf
@@ -14,14 +14,14 @@ locals {
 ad_user_password_secret = "${local.cluster_full_name}-password"
- cluster_full_name = "${local.prefix}${var.cluster_name}"
+ cluster_full_name = "${var.prefix}-${var.cluster_name}"
 cluster_netbios_name = (
 length(local.cluster_full_name) > 15
 ? substr(local.cluster_full_name, 0, 15)
 : local.cluster_full_name
 )
 network = module.vpc.self_link
- node_base = "${local.prefix}${var.node_name}"
+ node_base = "${var.prefix}-${var.node_name}"
 node_prefix = (
 length(local.node_base) > 12
 ? substr(local.node_base, 0, 12)
@@ -39,7 +39,6 @@ locals {
 (local.witness_netbios_name) = local.zones[length(local.zones) - 1]
 }
 )
- prefix = var.prefix != "" ? "${var.prefix}-" : ""
 subnetwork = (
 var.project_create != null
 ? module.vpc.subnet_self_links["${var.region}/${var.subnetwork}"]
@@ -50,7 +49,7 @@ locals {
 ? var.shared_vpc_project_id
 : module.project.project_id
 )
- witness_name = "${local.prefix}${var.witness_name}"
+ witness_name = "${var.prefix}-${var.witness_name}"
 witness_netbios_name = (
 length(local.witness_name) > 15
 ? substr(local.witness_name, 0, 15)
diff --git a/blueprints/data-solutions/sqlserver-alwayson/service-accounts.tf b/blueprints/data-solutions/sqlserver-alwayson/service-accounts.tf
index d470a2162..b94a24e59 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/service-accounts.tf
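Review bot: `cluster_full_name` and `node_base` now embed a caller-chosen prefix, but the `substr(..., 0, 15)` and `substr(..., 0, 12)` truncations that follow still silently cut the result: with the default `cluster` and `node` names any prefix longer than seven characters is truncated, and a prefix of fifteen or more characters makes `cluster_netbios_name` and `witness_netbios_name` (in the `@@ -50` hunk below) identical, which breaks any map keyed on those names such as the one around `(local.witness_netbios_name)`; the removed default `aog` used to keep all of these within limits, and the new `var.prefix` validation only checks for a non-empty string. Failing at plan time is safer than truncating, e.g. a variable validation `condition = var.prefix != "" && length(var.prefix) <= 7` with an error message naming the 15-character NetBIOS limit, or a `precondition` on the derived names. The `locals` block continues outside these hunks.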
+++ b/blueprints/data-solutions/sqlserver-alwayson/service-accounts.tf
@@ -19,7 +19,7 @@ module "compute-service-account" {
 source = "../../../modules/iam-service-account"
 project_id = var.project_id
- name = format("%swsfc", local.prefix)
+ name = "${var.prefix}-wsfc"
 iam_project_roles = {
 (var.project_id) = [
@@ -35,7 +35,7 @@ module "compute-service-account" {
 module "witness-service-account" {
 source = "../../../modules/iam-service-account"
 project_id = var.project_id
- name = format("%swsfc-witness", local.prefix)
+ name = "${var.prefix}-wsfc-witness"
 iam_project_roles = {
 (var.project_id) = [
diff --git a/blueprints/data-solutions/sqlserver-alwayson/variables.tf b/blueprints/data-solutions/sqlserver-alwayson/variables.tf
index 1e558fafd..6f9177c32 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/variables.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/variables.tf
@@ -111,9 +111,12 @@ variable "node_name" {
 }
 variable "prefix" {
- description = "Prefix used for resources (for multiple clusters in a project)"
+ description = "Prefix used for resource names."
 type = string
- default = "aog"
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 variable "project_create" {
diff --git a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
index 6f0b9120e..ccc10e1c3 100644
--- a/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
+++ b/blueprints/data-solutions/sqlserver-alwayson/vpc.tf
@@ -19,7 +19,7 @@ locals {
 local.listeners,
 local.node_ips,
 {
- "${local.prefix}cluster" = {
+ "${var.prefix}-cluster" = {
 region = var.region
 subnetwork = local.subnetwork
 }
@@ -34,7 +34,7 @@ locals {
 k => v.address
 }
 listeners = {
- for aog in var.always_on_groups : "${local.prefix}lb-${aog}" => {
+ for aog in var.always_on_groups : "${var.prefix}-lb-${aog}" => {
 region = var.region
 subnetwork = local.subnetwork
 }
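Review bot: Switching `name` to `"${var.prefix}-wsfc"` (and `"${var.prefix}-wsfc-witness"` in the second hunk) replaces the service accounts, since the account id is immutable, so their emails change on the next apply of an existing deployment; the firewall rules in vpc.tf reference `module.compute-service-account.email` and follow automatically, but any grant or impersonation configured outside this blueprint against the old emails is left dangling, which deserves a migration note in the README. Service account ids are also limited to 6–30 characters, and with only a non-empty check on `var.prefix` a prefix longer than 17 characters pushes `${var.prefix}-wsfc-witness` over that limit at apply time instead of plan time. The binauthz main.tf hunks rename the cluster, registry and source repositories with the same replace-on-rename effect. Both `module` blocks continue outside the hunks.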
@@ -83,7 +83,7 @@ module "firewall" {
 disabled = true
 }
 ingress_rules = {
- "${local.prefix}allow-all-between-wsfc-nodes" = {
+ "${var.prefix}-allow-all-between-wsfc-nodes" = {
 description = "Allow all between WSFC nodes"
 sources = [module.compute-service-account.email]
 targets = [module.compute-service-account.email]
@@ -94,7 +94,7 @@ module "firewall" {
 { protocol = "icmp" }
 ]
 }
- "${local.prefix}allow-all-between-wsfc-witness" = {
+ "${var.prefix}-allow-all-between-wsfc-witness" = {
 description = "Allow all between WSFC witness nodes"
 sources = [module.compute-service-account.email]
 targets = [module.witness-service-account.email]
@@ -105,7 +105,7 @@ module "firewall" {
 { protocol = "icmp" }
 ]
 }
- "${local.prefix}allow-sql-to-wsfc-nodes" = {
+ "${var.prefix}-allow-sql-to-wsfc-nodes" = {
 description = "Allow SQL connections to WSFC nodes"
 targets = [module.compute-service-account.email]
 ranges = var.sql_client_cidrs
@@ -114,7 +114,7 @@ module "firewall" {
 { protocol = "tcp", ports = [1433] },
 ]
 }
- "${local.prefix}allow-health-check-to-wsfc-nodes" = {
+ "${var.prefix}-allow-health-check-to-wsfc-nodes" = {
 description = "Allow health checks to WSFC nodes"
 targets = [module.compute-service-account.email]
 ranges = var.health_check_ranges
@@ -139,7 +139,7 @@ module "listener-ilb" {
 region = var.region
 name = "${var.prefix}-${each.value}-ilb"
 service_label = "${var.prefix}-${each.value}-ilb"
- address = local.internal_address_ips["${local.prefix}lb-${each.value}"]
+ address = local.internal_address_ips["${var.prefix}-lb-${each.value}"]
 vpc_config = {
 network = local.network
 subnetwork = local.subnetwork
diff --git a/blueprints/factories/net-vpc-firewall-yaml/README.md b/blueprints/factories/net-vpc-firewall-yaml/README.md
index efd5a3a07..26e85c5d8 100644
--- a/blueprints/factories/net-vpc-firewall-yaml/README.md
+++ b/blueprints/factories/net-vpc-firewall-yaml/README.md
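Review bot: Renaming the `ingress_rules` keys from `${local.prefix}...` to `${var.prefix}-...` changes the addresses of the firewall-rule resources, so on an already deployed cluster the next apply destroys `allow-all-between-wsfc-nodes`, `allow-all-between-wsfc-witness`, `allow-sql-to-wsfc-nodes` and `allow-health-check-to-wsfc-nodes` and creates them under the new names; until the create step completes, cluster heartbeat, SQL client and health-check traffic is denied, which is worth a migration note. The `module "firewall"` block continues outside the hunks.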
@@ -1,6 +1,6 @@
 # Google Cloud VPC Firewall Factory
-This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files.
+This module allows creation and management of different types of firewall rules by defining them in well formatted `yaml` files.
 Yaml abstraction for FW rules can simplify users onboarding and also makes rules definition simpler and clearer comparing to HCL.
@@ -79,10 +79,10 @@ rule-name: # descriptive name, naming convention is adjusted by the module
 destination_ranges: # list of destination ranges, should be specified only for `EGRESS` rule
 - 0.0.0.0/0
 source_tags: ['some-tag'] # list of source tags, should be specified only for `INGRESS` rule
- source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, can not be specified together with `source_tags` or `target_tags`
+ source_service_accounts: # list of source service accounts, should be specified only for `INGRESS` rule, cannot be specified together with `source_tags` or `target_tags`
 - myapp@myproject-id.iam.gserviceaccount.com
 target_tags: ['some-tag'] # list of target tags
- target_service_accounts: # list of target service accounts, , can not be specified together with `source_tags` or `target_tags`
+ target_service_accounts: # list of target service accounts, , cannot be specified together with `source_tags` or `target_tags`
 - myapp@myproject-id.iam.gserviceaccount.com
 ```
diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md
index cc5ed9624..b749bcbce 100644
--- a/blueprints/factories/project-factory/README.md
+++ b/blueprints/factories/project-factory/README.md
@@ -69,6 +69,7 @@ module "projects" {
 kms_service_agents = try(each.value.kms, {})
 labels = try(each.value.labels, {})
 org_policies = try(each.value.org_policies, {})
+ prefix = each.value.prefix
 service_accounts = try(each.value.service_accounts, {})
 services = try(each.value.services, [])
 service_identities_iam = try(each.value.service_identities_iam, {})
@@ -109,9 +110,9 @@ vpc_host_project: project-example-host-project
 # [opt] Billing account id - overrides default if set
 billing_account_id: 012345-67890A-BCDEF0
-
+
 # [opt] Billing alerts config - overrides default if set
-billing_alert:
+billing_alert:
 amount: 10
 thresholds:
 current:
@@ -119,42 +120,42 @@ billing_alert:
 - 0.8
 forecasted: []
-# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
+# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
-dns_zones:
+dns_zones:
 - lorem
 - ipsum
-# [opt] Contacts for billing alerts and important notifications
+# [opt] Contacts for billing alerts and important notifications
-essential_contacts:
+essential_contacts:
 - team-a-contacts@example.com
 # Folder the project will be created as children of
 folder_id: folders/012345678901
 # [opt] Authoritative IAM bindings in group => [roles] format
-group_iam:
+group_iam:
 test-team-foobar@fast-lab-0.gcp-pso-italy.net:
 - roles/compute.admin
 # [opt] Authoritative IAM bindings in role => [principals] format
 # Generally used to grant roles to service accounts external to the project
-iam:
+iam:
 roles/compute.admin:
 - serviceAccount:service-account
-# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
+# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
 # in service => [keys] format
-kms_service_agents:
+kms_service_agents:
 compute: [key1, key2]
 storage: [key1, key2]
 # [opt] Labels for the project - merged with the ones defined in defaults
-labels:
+labels:
 environment: prod
 # [opt] Org policy overrides defined at project level
 org_policies:
- constraints/compute.disableGuestAttributesAccess:
+ constraints/compute.disableGuestAttributesAccess:
 enforce: true
 constraints/compute.trustedImageProjects:
 allow:
@@ -166,7 +167,7 @@ org_policies:
 # [opt] Service account to create for the project and their roles on the project
 # in name => [roles] format
-service_accounts:
+service_accounts:
 another-service-account:
 - roles/compute.admin
 my-service-account:
@@ -179,37 +180,37 @@ service_accounts_iam:
 - roles/iam.serviceAccountTokenCreator:
 - group: app-team-1@example.com
-# [opt] APIs to enable on the project.
+# [opt] APIs to enable on the project.
-services:
+services:
 - storage.googleapis.com
 - stackdriver.googleapis.com
 - compute.googleapis.com
 # [opt] Roles to assign to the robots service accounts in robot => [roles] format
-services_iam:
+services_iam:
 compute:
 - roles/storage.objectViewer
- # [opt] VPC setup.
- # If set enables the `compute.googleapis.com` service and configures
+ # [opt] VPC setup.
+ # If set enables the `compute.googleapis.com` service and configures
 # service project attachment
-vpc:
+vpc:
 # [opt] If set, enables the container API
- gke_setup:
+ gke_setup:
- # Grants "roles/container.hostServiceAgentUser" to the container robot if set
+ # Grants "roles/container.hostServiceAgentUser" to the container robot if set
 enable_host_service_agent: false
- # Grants "roles/compute.securityAdmin" to the container robot if set
+ # Grants "roles/compute.securityAdmin" to the container robot if set
 enable_security_admin: true
- # Host project the project will be service project of
+ # Host project the project will be service project of
 host_project: fast-prod-net-spoke-0
 # [opt] Subnets in the host project where principals will be granted networkUser
- # in region/subnet-name => [principals]
- subnets_iam:
+ # in region/subnet-name => [principals]
+ subnets_iam:
 europe-west1/prod-default-ew1:
 - user:foobar@example.com
 - serviceAccount:service-account1@my-project.iam.gserviceaccount.com
@@ -221,7 +222,8 @@ vpc:
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | |
-| [project_id](variables.tf#L157) | Project id. | string | ✓ | |
+| [prefix](variables.tf#L151) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L160) | Project id. | string | ✓ | |
 | [billing_alert](variables.tf#L22) | Billing alert configuration. | object({…}) | | null |
 | [defaults](variables.tf#L35) | Project factory default values. | object({…}) | | null |
 | [dns_zones](variables.tf#L57) | DNS private zones to create as child of var.defaults.environment_dns_zone. | list(string) | | [] |
@@ -234,15 +236,14 @@ vpc:
 | [kms_service_agents](variables.tf#L99) | KMS IAM configuration in as service => [key]. | map(list(string)) | | {} |
 | [labels](variables.tf#L105) | Labels to be assigned at project level. | map(string) | | {} |
 | [org_policies](variables.tf#L111) | Org-policy overrides at project level. | map(object({…})) | | {} |
-| [prefix](variables.tf#L151) | Prefix used for the project id. | string | | null |
-| [service_accounts](variables.tf#L162) | Service accounts to be created, and roles assigned them on the project. | map(list(string)) | | {} |
-| [service_accounts_additive](variables.tf#L168) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string)) | | {} |
-| [service_accounts_iam](variables.tf#L174) | IAM bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} |
-| [service_accounts_iam_additive](variables.tf#L181) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} |
-| [service_identities_iam](variables.tf#L188) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} |
-| [service_identities_iam_additive](variables.tf#L195) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} |
-| [services](variables.tf#L202) | Services to be enabled for the project. | list(string) | | [] |
-| [vpc](variables.tf#L209) | VPC configuration for the project. | object({…}) | | null |
+| [service_accounts](variables.tf#L165) | Service accounts to be created, and roles assigned them on the project. | map(list(string)) | | {} |
+| [service_accounts_additive](variables.tf#L171) | Service accounts to be created, and roles assigned them on the project additively. | map(list(string)) | | {} |
+| [service_accounts_iam](variables.tf#L177) | IAM bindings on service account resources.
Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} |
+| [service_accounts_iam_additive](variables.tf#L184) | IAM additive bindings on service account resources. Format is KEY => {ROLE => [MEMBERS]} | map(map(list(string))) | | {} |
+| [service_identities_iam](variables.tf#L191) | Custom IAM settings for service identities in service => [role] format. | map(list(string)) | | {} |
+| [service_identities_iam_additive](variables.tf#L198) | Custom additive IAM settings for service identities in service => [role] format. | map(list(string)) | | {} |
+| [services](variables.tf#L205) | Services to be enabled for the project. | list(string) | | [] |
+| [vpc](variables.tf#L212) | VPC configuration for the project. | object({…}) | | null |
 ## Outputs
diff --git a/blueprints/factories/project-factory/main.tf b/blueprints/factories/project-factory/main.tf
index 1fe5e1e49..f6b2a797c 100644
--- a/blueprints/factories/project-factory/main.tf
+++ b/blueprints/factories/project-factory/main.tf
@@ -29,11 +29,7 @@ locals {
 }
 _group_iam_bindings = distinct(flatten(values(var.group_iam)))
 _group_iam_additive_bindings = distinct(flatten(values(var.group_iam_additive)))
- _project_id = (
- var.prefix == null || var.prefix == ""
- ? var.project_id
- : "${var.prefix}-${var.project_id}"
- )
+
 _service_accounts_iam = {
 for r in local._service_accounts_iam_bindings : r => [
 for k, v in var.service_accounts :
diff --git a/blueprints/factories/project-factory/sample-data/defaults.yaml b/blueprints/factories/project-factory/sample-data/defaults.yaml
index af810c941..72ed3f0d2 100644
--- a/blueprints/factories/project-factory/sample-data/defaults.yaml
+++ b/blueprints/factories/project-factory/sample-data/defaults.yaml
@@ -25,4 +25,5 @@ labels:
 # [opt] Additional notification channels for billing
 notification_channels: []
 shared_vpc_self_link: projects/foo/networks/bar
+prefix: test
 vpc_host_project:
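Review bot: The removed `_project_id` local is replaced by a bare `+` line, leaving a stray empty line inside `locals`; drop it or put the intended expression there. With the null/empty fallback gone the factory can no longer produce an unprefixed project id, and the README's sample module call passes `each.value.prefix` without a `try()` against the defaults even though `project.yaml` documents `prefix` as optional ("overrides default if set"), so confirm that the code that consumed `_project_id` now merges `defaults.yaml`'s `prefix` into each project definition before calling the project module; that code is outside this hunk.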
diff --git a/blueprints/factories/project-factory/sample-data/projects/project.yaml b/blueprints/factories/project-factory/sample-data/projects/project.yaml
index 88ba0bf50..034499138 100644
--- a/blueprints/factories/project-factory/sample-data/projects/project.yaml
+++ b/blueprints/factories/project-factory/sample-data/projects/project.yaml
@@ -58,6 +58,9 @@ org_policies:
 deny:
 all: true
+# [opt] Prefix - overrides default if set
+prefix: test1
+
 # [opt] Service account to create for the project and their roles on the project
 # in name => [roles] format
 service_accounts:
diff --git a/blueprints/factories/project-factory/variables.tf b/blueprints/factories/project-factory/variables.tf
index cbcae798a..034974f27 100644
--- a/blueprints/factories/project-factory/variables.tf
+++ b/blueprints/factories/project-factory/variables.tf
@@ -149,9 +149,12 @@ variable "org_policies" {
 }
 variable "prefix" {
- description = "Prefix used for the project id."
+ description = "Prefix used for resource names."
 type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 variable "project_id" {
diff --git a/blueprints/gke/binauthz/README.md b/blueprints/gke/binauthz/README.md
index 41eef22b6..387ceb09b 100644
--- a/blueprints/gke/binauthz/README.md
+++ b/blueprints/gke/binauthz/README.md
@@ -107,15 +107,15 @@ Once done testing, you can clean up resources by running `terraform destroy`.
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L44) | Project ID. | string | ✓ | |
+| [prefix](variables.tf#L29) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L47) | Project ID. | string | ✓ | |
 | [master_cidr_block](variables.tf#L17) | Master CIDR block. | string | | "10.0.0.0/28" |
 | [pods_cidr_block](variables.tf#L23) | Pods CIDR block. | string | | "172.16.0.0/20" |
-| [prefix](variables.tf#L29) | Prefix for resources created. | string | | null |
-| [project_create](variables.tf#L35) | Parameters for the creation of the new project. | object({…}) | | null |
-| [region](variables.tf#L49) | Region. | string | | "europe-west1" |
-| [services_cidr_block](variables.tf#L55) | Services CIDR block. | string | | "192.168.0.0/24" |
-| [subnet_cidr_block](variables.tf#L61) | Subnet CIDR block. | string | | "10.0.1.0/24" |
-| [zone](variables.tf#L67) | Zone. | string | | "europe-west1-c" |
+| [project_create](variables.tf#L38) | Parameters for the creation of the new project. | object({…}) | | null |
+| [region](variables.tf#L52) | Region. | string | | "europe-west1" |
+| [services_cidr_block](variables.tf#L58) | Services CIDR block. | string | | "192.168.0.0/24" |
+| [subnet_cidr_block](variables.tf#L64) | Subnet CIDR block. | string | | "10.0.1.0/24" |
+| [zone](variables.tf#L70) | Zone. | string | | "europe-west1-c" |
 ## Outputs
diff --git a/blueprints/gke/binauthz/main.tf b/blueprints/gke/binauthz/main.tf
index 0c3655e40..2761b486b 100644
--- a/blueprints/gke/binauthz/main.tf
+++ b/blueprints/gke/binauthz/main.tf
@@ -15,7 +15,6 @@
 */
 locals {
- prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-"
 k8s_ns = "apis"
 k8s_sa = "storage-api-sa"
 image = (
@@ -60,7 +59,7 @@ module "project" {
 module "vpc" {
 source = "../../../modules/net-vpc"
 project_id = module.project.project_id
- name = "${local.prefix}vpc"
+ name = "${var.prefix}-vpc"
 subnets = [
 {
 ip_cidr_range = var.subnet_cidr_block
@@ -78,14 +77,14 @@ module "nat" {
 source = "../../../modules/net-cloudnat"
 project_id = module.project.project_id
 region = var.region
- name = "${local.prefix}nat"
+ name = "${var.prefix}-nat"
 router_network = module.vpc.name
 }
 module "cluster" {
 source = "../../../modules/gke-cluster"
 project_id = module.project.project_id
- name = "${local.prefix}cluster"
+ name = "${var.prefix}-cluster"
 location = var.zone
 vpc_config = {
 master_ipv4_cidr_block = var.master_cidr_block
@@ -173,7 +172,7 @@ module "docker_artifact_registry" {
 project_id = module.project.project_id
 location = var.region
 format = "DOCKER"
- id = "${local.prefix}registry"
+ id = "${var.prefix}-registry"
 iam = {
 "roles/artifactregistry.writer" = [module.image_cb_sa.iam_email]
 "roles/artifactregistry.reader" = [module.cluster_nodepool.service_account_iam_email]
@@ -189,7 +188,7 @@ module "image_cb_sa" {
 module "image_repo" {
 source = "../../../modules/source-repository"
 project_id = module.project.project_id
- name = "${local.prefix}image"
+ name = "${var.prefix}-image"
 triggers = {
 image-trigger = {
 filename = "cloudbuild.yaml"
@@ -221,7 +220,7 @@ module "app_cb_sa" {
 module "app_repo" {
 source = "../../../modules/source-repository"
 project_id = module.project.project_id
- name = "${local.prefix}app"
+ name = "${var.prefix}-app"
 triggers = {
 app-trigger = {
 filename = "cloudbuild.yaml"
diff --git a/blueprints/gke/binauthz/variables.tf b/blueprints/gke/binauthz/variables.tf
index 2e19b1aae..7f1804260 100644
--- a/blueprints/gke/binauthz/variables.tf
+++ b/blueprints/gke/binauthz/variables.tf
@@ -27,9 +27,12 @@ variable "pods_cidr_block" {
 }
 variable "prefix" {
- description = "Prefix for resources created."
+ description = "Prefix used for resource names."
 type = string
- default = null
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 variable "project_create" {
diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md
index 9e1cd9b57..80d09ac10 100644
--- a/blueprints/gke/multitenant-fleet/README.md
+++ b/blueprints/gke/multitenant-fleet/README.md
@@ -247,9 +247,9 @@ module "gke" {
 |---|---|:---:|:---:|:---:|
 | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | |
 | [folder_id](variables.tf#L132) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ | |
-| [prefix](variables.tf#L179) | Prefix used for resources that need unique names. | string | ✓ | |
-| [project_id](variables.tf#L184) | ID of the project that will contain all the clusters. | string | ✓ | |
-| [vpc_config](variables.tf#L196) | Shared VPC project and VPC details. | object({…}) | ✓ | |
+| [prefix](variables.tf#L179) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L188) | ID of the project that will contain all the clusters. | string | ✓ | |
+| [vpc_config](variables.tf#L200) | Shared VPC project and VPC details. | object({…}) | ✓ | |
 | [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} |
 | [fleet_configmanagement_clusters](variables.tf#L70) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} |
 | [fleet_configmanagement_templates](variables.tf#L77) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} |
@@ -259,7 +259,7 @@ module "gke" {
 | [iam](variables.tf#L144) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
 | [labels](variables.tf#L151) | Project-level labels. | map(string) | | {} |
 | [nodepools](variables.tf#L157) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} |
-| [project_services](variables.tf#L189) | Additional project services to enable. | list(string) | | [] |
+| [project_services](variables.tf#L193) | Additional project services to enable. | list(string) | | [] |
 ## Outputs
diff --git a/blueprints/gke/multitenant-fleet/variables.tf b/blueprints/gke/multitenant-fleet/variables.tf
index 8d6c69ae1..2cfd26a1b 100644
--- a/blueprints/gke/multitenant-fleet/variables.tf
+++ b/blueprints/gke/multitenant-fleet/variables.tf
@@ -177,8 +177,12 @@ variable "nodepools" {
 }
 variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
 type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 variable "project_id" {
diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md
index cbf69606c..64a3e41ca 100644
--- a/blueprints/networking/decentralized-firewall/README.md
+++ b/blueprints/networking/decentralized-firewall/README.md
@@ -26,11 +26,11 @@ in the [`validator/`](validator/) subdirectory, which can be integrated as part
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | |
-| [prefix](variables.tf#L29) | Prefix used for resources that need unique names. | string | ✓ | |
-| [root_node](variables.tf#L50) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | |
+| [prefix](variables.tf#L29) | Prefix used for resource names. | string | ✓ | |
+| [root_node](variables.tf#L54) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | |
 | [ip_ranges](variables.tf#L20) | Subnet IP CIDR ranges. | map(string) | | {…} |
-| [project_services](variables.tf#L34) | Service APIs enabled by default in new projects. | list(string) | | […] |
-| [region](variables.tf#L44) | Region used. | string | | "europe-west1" |
+| [project_services](variables.tf#L38) | Service APIs enabled by default in new projects. | list(string) | | […] |
+| [region](variables.tf#L48) | Region used. | string | | "europe-west1" |
 ## Outputs
diff --git a/blueprints/networking/decentralized-firewall/variables.tf b/blueprints/networking/decentralized-firewall/variables.tf
index 76a3e1cd4..cf48e23c0 100644
--- a/blueprints/networking/decentralized-firewall/variables.tf
+++ b/blueprints/networking/decentralized-firewall/variables.tf
@@ -27,8 +27,12 @@ variable "ip_ranges" {
 }
 variable "prefix" {
- description = "Prefix used for resources that need unique names."
+ description = "Prefix used for resource names."
 type = string
+ validation {
+ condition = var.prefix != ""
+ error_message = "Prefix cannot be empty."
+ }
 }
 variable "project_services" {
diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/filtering-proxy-psc/README.md
index 6459f3bf1..61631af58 100644
--- a/blueprints/networking/filtering-proxy-psc/README.md
+++ b/blueprints/networking/filtering-proxy-psc/README.md
@@ -17,12 +17,12 @@ To simplify the usage of the proxy, a Cloud DNS private zone is created in each
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
-| [prefix](variables.tf#L44) | Prefix used for resources that need unique names. | string | ✓ | |
-| [project_id](variables.tf#L66) | Project id used for all resources. | string | ✓ | |
+| [prefix](variables.tf#L44) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L70) | Project id used for all resources. | string | ✓ | |
 | [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | list(string) | | […] |
 | [cidrs](variables.tf#L28) | CIDR ranges for subnets. | map(string) | | {…} |
 | [nat_logging](variables.tf#L38) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | "ERRORS_ONLY" |
-| [project_create](variables.tf#L49) | Set to non null if project needs to be created. | object({…}) | | null |
-| [region](variables.tf#L71) | Default region for resources. | string | | "europe-west1" |
+| [project_create](variables.tf#L53) | Set to non null if project needs to be created. | object({…}) | | null |
+| [region](variables.tf#L75) | Default region for resources. | string | | "europe-west1" |
diff --git a/blueprints/networking/filtering-proxy-psc/variables.tf b/blueprints/networking/filtering-proxy-psc/variables.tf
index 620107e4b..6e8216512 100644
--- a/blueprints/networking/filtering-proxy-psc/variables.tf
+++ b/blueprints/networking/filtering-proxy-psc/variables.tf
@@ -42,8 +42,12 @@ variable "nat_logging" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/networking/filtering-proxy/README.md b/blueprints/networking/filtering-proxy/README.md index 46318843c..9d7e2c025 100644 --- a/blueprints/networking/filtering-proxy/README.md +++ b/blueprints/networking/filtering-proxy/README.md @@ -21,13 +21,13 @@ You can optionally deploy the Squid server as [Managed Instance Group](https://c | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account](variables.tf#L26) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L52) | Prefix used for resources that need unique names. | string | ✓ | | -| [root_node](variables.tf#L63) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [prefix](variables.tf#L52) | Prefix used for resource names. | string | ✓ | | +| [root_node](variables.tf#L67) | Root node for the new hierarchy, either 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | | [allowed_domains](variables.tf#L17) | List of domains allowed by the squid proxy. | list(string) | | […] | | [cidrs](variables.tf#L31) | CIDR ranges for subnets. | map(string) | | {…} | | [mig](variables.tf#L40) | Enables the creation of an autoscaling managed instance group of squid instances. | bool | | false | | [nat_logging](variables.tf#L46) | Enables Cloud NAT logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string | | "ERRORS_ONLY" | -| [region](variables.tf#L57) | Default region for resources. | string | | "europe-west1" | +| [region](variables.tf#L61) | Default region for resources. | string | | "europe-west1" | ## Outputs 
diff --git a/blueprints/networking/filtering-proxy/variables.tf b/blueprints/networking/filtering-proxy/variables.tf index 35245a409..a578eb128 100644 --- a/blueprints/networking/filtering-proxy/variables.tf +++ b/blueprints/networking/filtering-proxy/variables.tf @@ -50,8 +50,12 @@ variable "nat_logging" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "region" { diff --git a/blueprints/networking/glb-and-armor/README.md b/blueprints/networking/glb-and-armor/README.md index ff399bf46..8385beab1 100644 --- a/blueprints/networking/glb-and-armor/README.md +++ b/blueprints/networking/glb-and-armor/README.md @@ -124,10 +124,10 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L38) | Identifier of the project. | string | ✓ | | +| [prefix](variables.tf#L23) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L41) | Identifier of the project. | string | ✓ | | | [enforce_security_policy](variables.tf#L17) | Enforce security policy. | bool | | true | -| [prefix](variables.tf#L23) | Prefix used for created resources. | string | | null | -| [project_create](variables.tf#L29) | Parameters for the creation of the new project. | object({…}) | | null | +| [project_create](variables.tf#L32) | Parameters for the creation of the new project. | object({…}) | | null | ## Outputs diff --git a/blueprints/networking/glb-and-armor/main.tf b/blueprints/networking/glb-and-armor/main.tf index 836226090..26f90ac11 100644 --- a/blueprints/networking/glb-and-armor/main.tf +++ b/blueprints/networking/glb-and-armor/main.tf 
@@ -15,7 +15,7 @@ */ locals { - prefix = (var.prefix == null || var.prefix == "") ? "" : "${var.prefix}-" + prefix = var.prefix == null ? "" : "${var.prefix}-" } module "project" { @@ -40,7 +40,7 @@ module "project" { module "vpc" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}vpc" + name = "${var.prefix}-vpc" subnets = [ { ip_cidr_range = "10.0.1.0/24" @@ -70,7 +70,7 @@ module "nat_ew1" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = "europe-west1" - name = "${local.prefix}nat-eu1" + name = "${var.prefix}-nat-eu1" router_network = module.vpc.name } @@ -78,7 +78,7 @@ module "nat_ue1" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = "us-east1" - name = "${local.prefix}nat-ue1" + name = "${var.prefix}-nat-ue1" router_network = module.vpc.name } @@ -86,7 +86,7 @@ module "instance_template_ew1" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "europe-west1-b" - name = "${local.prefix}europe-west1-template" + name = "${var.prefix}-europe-west1-template" instance_type = "n1-standard-2" network_interfaces = [{ network = module.vpc.self_link @@ -108,7 +108,7 @@ module "instance_template_ue1" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "us-east1-b" - name = "${local.prefix}us-east1-template" + name = "${var.prefix}-us-east1-template" network_interfaces = [{ network = module.vpc.self_link subnetwork = module.vpc.subnet_self_links["us-east1/subnet-ue1"] @@ -156,7 +156,7 @@ module "mig_ew1" { source = "../../../modules/compute-mig" project_id = module.project.project_id location = "europe-west1" - name = "${local.prefix}europe-west1-mig" + name = "${var.prefix}-europe-west1-mig" instance_template = module.instance_template_ew1.template.self_link autoscaler_config = { max_replicas = 5 
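Review bot: After this change the `prefix` entry in the `locals` block of blueprints/networking/glb-and-armor/main.tf looks dead: every consumer visible in the following hunks now builds names from `"${var.prefix}-"` directly, and the glb-and-armor `variables.tf` hunk drops the `null` default, so the retained null check has no remaining caller. I would delete `prefix = var.prefix == null ? "" : "${var.prefix}-"` together with the `locals` wrapper if nothing else remains in it (the hunk shows it as the only entry), which is what the hub-and-spoke-peering and hub-and-spoke-vpn hunks do for their own `locals`. Leaving it in place invites a future contributor to reintroduce the `local.prefix` path and with it the inconsistent naming for an empty prefix that this change removes.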
@@ -180,7 +180,7 @@ module "mig_ue1" { source = "../../../modules/compute-mig" project_id = module.project.project_id location = "us-east1" - name = "${local.prefix}us-east1-mig" + name = "${var.prefix}-us-east1-mig" instance_template = module.instance_template_ue1.template.self_link autoscaler_config = { max_replicas = 5 @@ -202,7 +202,7 @@ module "mig_ue1" { module "glb" { source = "../../../modules/net-glb" - name = "${local.prefix}http-lb" + name = "${var.prefix}-http-lb" project_id = module.project.project_id backend_services_config = { http-backend = { @@ -259,7 +259,7 @@ module "glb" { resource "google_compute_security_policy" "policy" { count = var.enforce_security_policy ? 1 : 0 - name = "${local.prefix}denylist-siege" + name = "${var.prefix}-denylist-siege" project = module.project.project_id rule { action = "deny(403)" diff --git a/blueprints/networking/glb-and-armor/variables.tf b/blueprints/networking/glb-and-armor/variables.tf index a428a8840..cf2aa5830 100644 --- a/blueprints/networking/glb-and-armor/variables.tf +++ b/blueprints/networking/glb-and-armor/variables.tf @@ -21,9 +21,12 @@ variable "enforce_security_policy" { } variable "prefix" { - description = "Prefix used for created resources." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/networking/hub-and-spoke-peering/README.md b/blueprints/networking/hub-and-spoke-peering/README.md index 3fa1ef9ac..d39cb3aa2 100644 --- a/blueprints/networking/hub-and-spoke-peering/README.md +++ b/blueprints/networking/hub-and-spoke-peering/README.md 
@@ -84,13 +84,13 @@ The VPN used to connect the GKE masters VPC does not account for HA, upgrading t | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L66) | Project id used for all resources. | string | ✓ | | +| [prefix](variables.tf#L34) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L69) | Project id used for all resources. | string | ✓ | | | [ip_ranges](variables.tf#L15) | IP CIDR ranges. | map(string) | | {…} | | [ip_secondary_ranges](variables.tf#L25) | Secondary IP CIDR ranges. | map(string) | | {…} | -| [prefix](variables.tf#L34) | Arbitrary string used to prefix resource names. | string | | null | -| [private_service_ranges](variables.tf#L40) | Private service IP CIDR ranges. | map(string) | | {…} | -| [project_create](variables.tf#L48) | Set to non null if project needs to be created. | object({…}) | | null | -| [region](variables.tf#L71) | VPC region. | string | | "europe-west1" | +| [private_service_ranges](variables.tf#L43) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_create](variables.tf#L51) | Set to non null if project needs to be created. | object({…}) | | null | +| [region](variables.tf#L74) | VPC region. | string | | "europe-west1" | ## Outputs diff --git a/blueprints/networking/hub-and-spoke-peering/main.tf b/blueprints/networking/hub-and-spoke-peering/main.tf index 7fa8142e4..de1c76612 100644 --- a/blueprints/networking/hub-and-spoke-peering/main.tf +++ b/blueprints/networking/hub-and-spoke-peering/main.tf @@ -13,7 +13,6 @@ # limitations under the License. locals { - prefix = var.prefix != null && var.prefix != "" ? "${var.prefix}-" : "" vm-instances = [ module.vm-hub.instance, module.vm-spoke-1.instance, 
@@ -49,11 +48,11 @@ module "project" { module "vpc-hub" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}hub" + name = "${var.prefix}-hub" subnets = [ { ip_cidr_range = var.ip_ranges.hub - name = "${local.prefix}hub-1" + name = "${var.prefix}-hub-1" region = var.region } ] @@ -63,8 +62,8 @@ module "nat-hub" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}hub" - router_name = "${local.prefix}hub" + name = "${var.prefix}-hub" + router_name = "${var.prefix}-hub" router_network = module.vpc-hub.self_link } @@ -84,11 +83,11 @@ module "vpc-hub-firewall" { module "vpc-spoke-1" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}spoke-1" + name = "${var.prefix}-spoke-1" subnets = [ { ip_cidr_range = var.ip_ranges.spoke-1 - name = "${local.prefix}spoke-1-1" + name = "${var.prefix}-spoke-1-1" region = var.region } ] @@ -107,8 +106,8 @@ module "nat-spoke-1" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}spoke-1" - router_name = "${local.prefix}spoke-1" + name = "${var.prefix}-spoke-1" + router_name = "${var.prefix}-spoke-1" router_network = module.vpc-spoke-1.self_link } @@ -127,11 +126,11 @@ module "hub-to-spoke-1-peering" { module "vpc-spoke-2" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" subnets = [ { ip_cidr_range = var.ip_ranges.spoke-2 - name = "${local.prefix}spoke-2-1" + name = "${var.prefix}-spoke-2-1" region = var.region secondary_ip_ranges = { pods = var.ip_secondary_ranges.spoke-2-pods 
@@ -154,8 +153,8 @@ module "nat-spoke-2" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}spoke-2" - router_name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" + router_name = "${var.prefix}-spoke-2" router_network = module.vpc-spoke-2.self_link } @@ -176,10 +175,10 @@ module "vm-hub" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "${var.region}-b" - name = "${local.prefix}hub" + name = "${var.prefix}-hub" network_interfaces = [{ network = module.vpc-hub.self_link - subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${local.prefix}hub-1"] + subnetwork = module.vpc-hub.subnet_self_links["${var.region}/${var.prefix}-hub-1"] nat = false addresses = null }] @@ -193,10 +192,10 @@ module "vm-spoke-1" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "${var.region}-b" - name = "${local.prefix}spoke-1" + name = "${var.prefix}-spoke-1" network_interfaces = [{ network = module.vpc-spoke-1.self_link - subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${local.prefix}spoke-1-1"] + subnetwork = module.vpc-spoke-1.subnet_self_links["${var.region}/${var.prefix}-spoke-1-1"] nat = false addresses = null }] @@ -210,10 +209,10 @@ module "vm-spoke-2" { source = "../../../modules/compute-vm" project_id = module.project.project_id zone = "${var.region}-b" - name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" network_interfaces = [{ network = module.vpc-spoke-2.self_link - subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"] + subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"] nat = false addresses = null }] 
@@ -226,7 +225,7 @@ module "vm-spoke-2" { module "service-account-gce" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = "${local.prefix}gce-test" + name = "${var.prefix}-gce-test" iam_project_roles = { (var.project_id) = [ "roles/container.developer", @@ -242,12 +241,12 @@ module "service-account-gce" { module "cluster-1" { source = "../../../modules/gke-cluster" - name = "${local.prefix}cluster-1" + name = "${var.prefix}-cluster-1" project_id = module.project.project_id location = "${var.region}-b" vpc_config = { network = module.vpc-spoke-2.self_link - subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${local.prefix}spoke-2-1"] + subnetwork = module.vpc-spoke-2.subnet_self_links["${var.region}/${var.prefix}-spoke-2-1"] master_authorized_ranges = { for name, range in var.ip_ranges : name => range } @@ -269,7 +268,7 @@ module "cluster-1" { module "cluster-1-nodepool-1" { source = "../../../modules/gke-nodepool" - name = "${local.prefix}nodepool-1" + name = "${var.prefix}-nodepool-1" project_id = module.project.project_id location = module.cluster-1.location cluster_name = module.cluster-1.name @@ -284,7 +283,7 @@ module "cluster-1-nodepool-1" { module "service-account-gke-node" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = "${local.prefix}gke-node" + name = "${var.prefix}-gke-node" iam_project_roles = { (var.project_id) = [ "roles/logging.logWriter", "roles/monitoring.metricWriter", @@ -301,7 +300,7 @@ module "vpn-hub" { project_id = module.project.project_id region = var.region network = module.vpc-hub.name - name = "${local.prefix}hub" + name = "${var.prefix}-hub" remote_ranges = values(var.private_service_ranges) tunnels = { spoke-2 = { 
@@ -318,7 +317,7 @@ module "vpn-spoke-2" { project_id = module.project.project_id region = var.region network = module.vpc-spoke-2.name - name = "${local.prefix}spoke-2" + name = "${var.prefix}-spoke-2" # use an aggregate of the remote ranges, so as to be less specific than the # routes exchanged via peering remote_ranges = ["10.0.0.0/8"] diff --git a/blueprints/networking/hub-and-spoke-peering/variables.tf b/blueprints/networking/hub-and-spoke-peering/variables.tf index fdaf4e834..803b73964 100644 --- a/blueprints/networking/hub-and-spoke-peering/variables.tf +++ b/blueprints/networking/hub-and-spoke-peering/variables.tf @@ -32,9 +32,12 @@ variable "ip_secondary_ranges" { } variable "prefix" { - description = "Arbitrary string used to prefix resource names." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "private_service_ranges" { diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md index 2ba3a86ad..4f580ed82 100644 --- a/blueprints/networking/hub-and-spoke-vpn/README.md +++ b/blueprints/networking/hub-and-spoke-vpn/README.md 
@@ -85,13 +85,13 @@ ping test-r2.dev.example.com | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L49) | Project id for all resources. | string | ✓ | | +| [prefix](variables.tf#L34) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L52) | Project id for all resources. | string | ✓ | | | [ip_ranges](variables.tf#L15) | Subnet IP CIDR ranges. | map(string) | | {…} | | [ip_secondary_ranges](variables.tf#L28) | Subnet secondary ranges. | map(map(string)) | | {} | -| [prefix](variables.tf#L34) | Prefix used in resource names. | string | | null | -| [project_create_config](variables.tf#L40) | Populate with billing account id to trigger project creation. | object({…}) | | null | -| [regions](variables.tf#L54) | VPC regions. | map(string) | | {…} | -| [vpn_configs](variables.tf#L63) | VPN configurations. | map(object({…})) | | {…} | +| [project_create_config](variables.tf#L43) | Populate with billing account id to trigger project creation. | object({…}) | | null | +| [regions](variables.tf#L57) | VPC regions. | map(string) | | {…} | +| [vpn_configs](variables.tf#L66) | VPN configurations. | map(object({…})) | | {…} | ## Outputs diff --git a/blueprints/networking/hub-and-spoke-vpn/main.tf b/blueprints/networking/hub-and-spoke-vpn/main.tf index d3fbc8994..8810a71d6 100644 --- a/blueprints/networking/hub-and-spoke-vpn/main.tf +++ b/blueprints/networking/hub-and-spoke-vpn/main.tf @@ -12,10 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -locals { - prefix = var.prefix == null ? "" : "${var.prefix}-" -} - # enable services in the project used module "project" { 
@@ -35,11 +31,11 @@ module "project" { module "landing-r1-vm" { source = "../../../modules/compute-vm" project_id = var.project_id - name = "${local.prefix}lnd-test-r1" + name = "${var.prefix}-lnd-test-r1" zone = "${var.regions.r1}-b" network_interfaces = [{ network = module.landing-vpc.self_link - subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}lnd-0"] + subnetwork = module.landing-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-lnd-0"] nat = false addresses = null }] @@ -51,11 +47,11 @@ module "landing-r1-vm" { module "prod-r1-vm" { source = "../../../modules/compute-vm" project_id = var.project_id - name = "${local.prefix}prd-test-r1" + name = "${var.prefix}-prd-test-r1" zone = "${var.regions.r1}-b" network_interfaces = [{ network = module.prod-vpc.self_link - subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${local.prefix}prd-0"] + subnetwork = module.prod-vpc.subnet_self_links["${var.regions.r1}/${var.prefix}-prd-0"] nat = false addresses = null }] @@ -67,11 +63,11 @@ module "prod-r1-vm" { module "dev-r2-vm" { source = "../../../modules/compute-vm" project_id = var.project_id - name = "${local.prefix}dev-test-r2" + name = "${var.prefix}-dev-test-r2" zone = "${var.regions.r2}-b" network_interfaces = [{ network = module.dev-vpc.self_link - subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${local.prefix}dev-0"] + subnetwork = module.dev-vpc.subnet_self_links["${var.regions.r2}/${var.prefix}-dev-0"] nat = false addresses = null }] diff --git a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf index 736c742f6..f7cf84dba 100644 --- a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf +++ b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf 
@@ -17,11 +17,11 @@ module "dev-vpc" { source = "../../../modules/net-vpc" project_id = var.project_id - name = "${local.prefix}dev" + name = "${var.prefix}-dev" subnets = [ { ip_cidr_range = var.ip_ranges.dev-0-r1 - name = "${local.prefix}dev-0" + name = "${var.prefix}-dev-0" region = var.regions.r1 secondary_ip_ranges = try( var.ip_secondary_ranges.dev-0-r1, {} @@ -29,7 +29,7 @@ module "dev-vpc" { }, { ip_cidr_range = var.ip_ranges.dev-0-r2 - name = "${local.prefix}dev-0" + name = "${var.prefix}-dev-0" region = var.regions.r2 secondary_ip_ranges = try( var.ip_secondary_ranges.dev-0-r2, {} @@ -51,7 +51,7 @@ module "dev-dns-peering" { source = "../../../modules/dns" project_id = var.project_id type = "peering" - name = "${local.prefix}example-com-dev-peering" + name = "${var.prefix}-example-com-dev-peering" domain = "example.com." client_networks = [module.dev-vpc.self_link] peer_network = module.landing-vpc.self_link @@ -61,7 +61,7 @@ module "dev-dns-zone" { source = "../../../modules/dns" project_id = var.project_id type = "private" - name = "${local.prefix}dev-example-com" + name = "${var.prefix}-dev-example-com" domain = "dev.example.com." client_networks = [module.landing-vpc.self_link] recordsets = { diff --git a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf index b385bfb1d..31fdb8561 100644 --- a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf +++ b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf @@ -17,11 +17,11 @@ module "landing-vpc" { source = "../../../modules/net-vpc" project_id = var.project_id - name = "${local.prefix}lnd" + name = "${var.prefix}-lnd" subnets = [ { ip_cidr_range = var.ip_ranges.land-0-r1 - name = "${local.prefix}lnd-0" + name = "${var.prefix}-lnd-0" region = var.regions.r1 secondary_ip_ranges = try( var.ip_secondary_ranges.land-0-r1, {} 
@@ -29,7 +29,7 @@ module "landing-vpc" { }, { ip_cidr_range = var.ip_ranges.land-0-r2 - name = "${local.prefix}lnd-0" + name = "${var.prefix}-lnd-0" region = var.regions.r2 secondary_ip_ranges = try( var.ip_secondary_ranges.land-0-r2, {} @@ -51,7 +51,7 @@ module "landing-dns-zone" { source = "../../../modules/dns" project_id = var.project_id type = "private" - name = "${local.prefix}example-com" + name = "${var.prefix}-example-com" domain = "example.com." client_networks = [module.landing-vpc.self_link] recordsets = { diff --git a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf index ad58b5858..ec3260215 100644 --- a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf +++ b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf @@ -17,11 +17,11 @@ module "prod-vpc" { source = "../../../modules/net-vpc" project_id = var.project_id - name = "${local.prefix}prd" + name = "${var.prefix}-prd" subnets = [ { ip_cidr_range = var.ip_ranges.prod-0-r1 - name = "${local.prefix}prd-0" + name = "${var.prefix}-prd-0" region = var.regions.r1 secondary_ip_ranges = try( var.ip_secondary_ranges.prod-0-r1, {} @@ -29,7 +29,7 @@ module "prod-vpc" { }, { ip_cidr_range = var.ip_ranges.prod-0-r2 - name = "${local.prefix}prd-0" + name = "${var.prefix}-prd-0" region = var.regions.r2 secondary_ip_ranges = try( var.ip_secondary_ranges.prod-0-r2, {} @@ -51,7 +51,7 @@ module "prod-dns-peering" { source = "../../../modules/dns" project_id = var.project_id type = "peering" - name = "${local.prefix}example-com-prd-peering" + name = "${var.prefix}-example-com-prd-peering" domain = "example.com." client_networks = [module.prod-vpc.self_link] peer_network = module.landing-vpc.self_link 
@@ -61,7 +61,7 @@ module "prod-dns-zone" { source = "../../../modules/dns" project_id = var.project_id type = "private" - name = "${local.prefix}prd-example-com" + name = "${var.prefix}-prd-example-com" domain = "prd.example.com." client_networks = [module.landing-vpc.self_link] recordsets = { diff --git a/blueprints/networking/hub-and-spoke-vpn/variables.tf b/blueprints/networking/hub-and-spoke-vpn/variables.tf index 98286e8ef..90fbd3593 100644 --- a/blueprints/networking/hub-and-spoke-vpn/variables.tf +++ b/blueprints/networking/hub-and-spoke-vpn/variables.tf @@ -32,9 +32,12 @@ variable "ip_secondary_ranges" { } variable "prefix" { - description = "Prefix used in resource names." + description = "Prefix used for resource names." type = string - default = null + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create_config" { diff --git a/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf b/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf index 238475aad..02b58e679 100644 --- a/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf +++ b/blueprints/networking/hub-and-spoke-vpn/vpn-dev-r1.tf @@ -19,9 +19,9 @@ module "landing-to-dev-vpn-r1" { project_id = var.project_id network = module.landing-vpc.self_link region = var.regions.r1 - name = "${local.prefix}lnd-to-dev-r1" + name = "${var.prefix}-lnd-to-dev-r1" router_create = false - router_name = "${local.prefix}lnd-vpn-r1" + router_name = "${var.prefix}-lnd-vpn-r1" # router is created and managed by the production VPN module # so we don't configure advertisements here peer_gcp_gateway = module.dev-to-landing-vpn-r1.self_link 
@@ -62,9 +62,9 @@ module "dev-to-landing-vpn-r1" { project_id = var.project_id network = module.dev-vpc.self_link region = var.regions.r1 - name = "${local.prefix}dev-to-lnd-r1" + name = "${var.prefix}-dev-to-lnd-r1" router_create = true - router_name = "${local.prefix}dev-vpn-r1" + router_name = "${var.prefix}-dev-vpn-r1" router_asn = var.vpn_configs.dev-r1.asn router_advertise_config = ( var.vpn_configs.dev-r1.custom_ranges == null diff --git a/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf b/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf index 1c2e7028c..dc9648504 100644 --- a/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf +++ b/blueprints/networking/hub-and-spoke-vpn/vpn-prod-r1.tf @@ -19,9 +19,9 @@ module "landing-to-prod-vpn-r1" { project_id = var.project_id network = module.landing-vpc.self_link region = var.regions.r1 - name = "${local.prefix}lnd-to-prd-r1" + name = "${var.prefix}-lnd-to-prd-r1" router_create = true - router_name = "${local.prefix}lnd-vpn-r1" + router_name = "${var.prefix}-lnd-vpn-r1" router_asn = var.vpn_configs.land-r1.asn router_advertise_config = ( var.vpn_configs.land-r1.custom_ranges == null @@ -68,9 +68,9 @@ module "prod-to-landing-vpn-r1" { project_id = var.project_id network = module.prod-vpc.self_link region = var.regions.r1 - name = "${local.prefix}prd-to-lnd-r1" + name = "${var.prefix}-prd-to-lnd-r1" router_create = true - router_name = "${local.prefix}prd-vpn-r1" + router_name = "${var.prefix}-prd-vpn-r1" router_asn = var.vpn_configs.prod-r1.asn # the router is managed here but shared with the dev VPN router_advertise_config = ( diff --git a/blueprints/networking/ilb-next-hop/README.md b/blueprints/networking/ilb-next-hop/README.md index e55691ebc..c3091558c 100644 --- a/blueprints/networking/ilb-next-hop/README.md +++ b/blueprints/networking/ilb-next-hop/README.md 
@@ -65,14 +65,14 @@ A sample testing session using `tmux`: | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L50) | Existing project id. | string | ✓ | | +| [prefix](variables.tf#L38) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L53) | Existing project id. | string | ✓ | | | [ilb_right_enable](variables.tf#L17) | Route right to left traffic through ILB. | bool | | false | | [ilb_session_affinity](variables.tf#L23) | Session affinity configuration for ILBs. | string | | "CLIENT_IP" | | [ip_ranges](variables.tf#L29) | IP CIDR ranges used for VPC subnets. | map(string) | | {…} | -| [prefix](variables.tf#L38) | Prefix used for resource names. | string | | "ilb-test" | -| [project_create](variables.tf#L44) | Create project instead of using an existing one. | bool | | false | -| [region](variables.tf#L55) | Region used for resources. | string | | "europe-west1" | -| [zones](variables.tf#L61) | Zone suffixes used for instances. | list(string) | | ["b", "c"] | +| [project_create](variables.tf#L47) | Create project instead of using an existing one. | bool | | false | +| [region](variables.tf#L58) | Region used for resources. | string | | "europe-west1" | +| [zones](variables.tf#L64) | Zone suffixes used for instances. | list(string) | | ["b", "c"] | ## Outputs diff --git a/blueprints/networking/ilb-next-hop/gateways.tf b/blueprints/networking/ilb-next-hop/gateways.tf index df0664841..3a1dcffb2 100644 --- a/blueprints/networking/ilb-next-hop/gateways.tf +++ b/blueprints/networking/ilb-next-hop/gateways.tf @@ -19,7 +19,7 @@ module "gw" { for_each = local.zones project_id = module.project.project_id zone = each.value - name = "${local.prefix}gw-${each.key}" + name = "${var.prefix}-gw-${each.key}" instance_type = "f1-micro" boot_disk = { 
@@ -51,7 +51,7 @@ module "gw" { }) } service_account = try( - module.service-accounts.emails["${local.prefix}gce-vm"], null + module.service-accounts.emails["${var.prefix}-gce-vm"], null ) service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"] group = { named_ports = null } @@ -61,7 +61,7 @@ module "ilb-left" { source = "../../../modules/net-ilb" project_id = module.project.project_id region = var.region - name = "${local.prefix}ilb-left" + name = "${var.prefix}-ilb-left" vpc_config = { network = module.vpc-left.self_link subnetwork = values(module.vpc-left.subnet_self_links)[0] @@ -85,7 +85,7 @@ module "ilb-right" { source = "../../../modules/net-ilb" project_id = module.project.project_id region = var.region - name = "${local.prefix}ilb-right" + name = "${var.prefix}-ilb-right" vpc_config = { network = module.vpc-right.self_link subnetwork = values(module.vpc-right.subnet_self_links)[0] diff --git a/blueprints/networking/ilb-next-hop/main.tf b/blueprints/networking/ilb-next-hop/main.tf index e6e0682e5..0f7cfe0e5 100644 --- a/blueprints/networking/ilb-next-hop/main.tf +++ b/blueprints/networking/ilb-next-hop/main.tf @@ -17,10 +17,9 @@ locals { addresses = { for k, v in module.addresses.internal_addresses : - trimprefix(k, local.prefix) => v.address + trimprefix(k, "${var.prefix}-") => v.address } - prefix = var.prefix == null || var.prefix == "" ? "" : "${var.prefix}-" - zones = { for z in var.zones : z => "${var.region}-${z}" } + zones = { for z in var.zones : z => "${var.region}-${z}" } } module "project" { @@ -36,7 +35,7 @@ module "project" { module "service-accounts" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = "${local.prefix}gce-vm" + name = "${var.prefix}-gce-vm" iam_project_roles = { (var.project_id) = [ "roles/logging.logWriter", 
@@ -49,11 +48,11 @@ module "addresses" { source = "../../../modules/net-address" project_id = module.project.project_id internal_addresses = { - "${local.prefix}ilb-left" = { + "${var.prefix}-ilb-left" = { region = var.region, subnetwork = values(module.vpc-left.subnet_self_links)[0] }, - "${local.prefix}ilb-right" = { + "${var.prefix}-ilb-right" = { region = var.region, subnetwork = values(module.vpc-right.subnet_self_links)[0] } diff --git a/blueprints/networking/ilb-next-hop/outputs.tf b/blueprints/networking/ilb-next-hop/outputs.tf index 17702e832..c00282ae8 100644 --- a/blueprints/networking/ilb-next-hop/outputs.tf +++ b/blueprints/networking/ilb-next-hop/outputs.tf @@ -28,7 +28,7 @@ output "addresses" { output "backend_health_left" { description = "Command-line health status for left ILB backends." value = <<-EOT - gcloud compute backend-services get-health ${local.prefix}ilb-left \ + gcloud compute backend-services get-health ${var.prefix}-ilb-left \ --region ${var.region} \ --flatten status.healthStatus \ --format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)" @@ -38,7 +38,7 @@ output "backend_health_left" { output "backend_health_right" { description = "Command-line health status for right ILB backends." value = <<-EOT - gcloud compute backend-services get-health ${local.prefix}ilb-right \ + gcloud compute backend-services get-health ${var.prefix}-ilb-right \ --region ${var.region} \ --flatten status.healthStatus \ --format "value(status.healthStatus.ipAddress, status.healthStatus.healthState)" diff --git a/blueprints/networking/ilb-next-hop/variables.tf b/blueprints/networking/ilb-next-hop/variables.tf index 2450c4eba..51a7c03ef 100644 --- a/blueprints/networking/ilb-next-hop/variables.tf +++ b/blueprints/networking/ilb-next-hop/variables.tf 
@@ -38,7 +38,10 @@ variable "ip_ranges" { variable "prefix" { description = "Prefix used for resource names." type = string - default = "ilb-test" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { diff --git a/blueprints/networking/ilb-next-hop/vms.tf b/blueprints/networking/ilb-next-hop/vms.tf index cdc36ed6b..a71a60a07 100644 --- a/blueprints/networking/ilb-next-hop/vms.tf +++ b/blueprints/networking/ilb-next-hop/vms.tf @@ -27,7 +27,7 @@ module "vm-left" { for_each = local.zones project_id = module.project.project_id zone = each.value - name = "${local.prefix}vm-left-${each.key}" + name = "${var.prefix}-vm-left-${each.key}" instance_type = "f1-micro" network_interfaces = [ { @@ -50,7 +50,7 @@ module "vm-right" { for_each = local.zones project_id = module.project.project_id zone = each.value - name = "${local.prefix}vm-right-${each.key}" + name = "${var.prefix}-vm-right-${each.key}" instance_type = "f1-micro" network_interfaces = [ { diff --git a/blueprints/networking/ilb-next-hop/vpc-left.tf b/blueprints/networking/ilb-next-hop/vpc-left.tf index f5df5234c..4cc73159c 100644 --- a/blueprints/networking/ilb-next-hop/vpc-left.tf +++ b/blueprints/networking/ilb-next-hop/vpc-left.tf @@ -17,11 +17,11 @@ module "vpc-left" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}left" + name = "${var.prefix}-left" subnets = [ { ip_cidr_range = var.ip_ranges.left - name = "${local.prefix}left" + name = "${var.prefix}-left" region = var.region }, ] @@ -48,6 +48,6 @@ module "nat-left" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}left" + name = "${var.prefix}-left" router_network = module.vpc-left.name } diff --git a/blueprints/networking/ilb-next-hop/vpc-right.tf b/blueprints/networking/ilb-next-hop/vpc-right.tf index edd6941d6..5483d34a5 100644 
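Review bot: The new validation on `variable "prefix"` rejects only the empty string, so `prefix = null` still passes it (a string variable is nullable by default) and only fails later inside the `"${var.prefix}-…"` interpolations with a less direct error, while values that cannot form a valid Compute resource name (uppercase, underscores, a leading digit) are rejected only at apply time. A stricter condition keeps the failure at plan time with a readable message, e.g. `condition = var.prefix != null && can(regex("^[a-z][a-z0-9-]*$", var.prefix))` — whether every consumer of this prefix shares exactly that character set should be confirmed before tightening, and `nullable = false` on the variable is the alternative for the null case on Terraform 1.1 or later. The same `var.prefix != ""` condition is repeated in the nginx-reverse-proxy-cluster, psc-hybrid, shared-vpc-gke and wordpress/cloudrun `variables.tf` hunks below, and the value also flows unquoted into the `gcloud` command strings in the `outputs.tf` hunks above, so a tighter check is worth applying once across all of them.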
--- a/blueprints/networking/ilb-next-hop/vpc-right.tf +++ b/blueprints/networking/ilb-next-hop/vpc-right.tf @@ -17,11 +17,11 @@ module "vpc-right" { source = "../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}right" + name = "${var.prefix}-right" subnets = [ { ip_cidr_range = var.ip_ranges.right - name = "${local.prefix}right" + name = "${var.prefix}-right" region = var.region }, ] @@ -59,6 +59,6 @@ module "nat-right" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = "${local.prefix}right" + name = "${var.prefix}-right" router_network = module.vpc-right.name } diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/README.md b/blueprints/networking/nginx-reverse-proxy-cluster/README.md index b84362835..3a957d2c8 100644 --- a/blueprints/networking/nginx-reverse-proxy-cluster/README.md +++ b/blueprints/networking/nginx-reverse-proxy-cluster/README.md @@ -11,7 +11,6 @@ The example is for Nginx, but it could be easily adapted to any other reverse pr ## Ops Agent image There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run inside the ContainerOS instance. Build the container, push it to your Container/Artifact Repository and set the `ops_agent_image` to point to the image you built. - ## Variables 
@@ -19,7 +18,8 @@ There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [autoscaling_metric](variables.tf#L31) | | object({…} | ✓ | | -| [project_name](variables.tf#L108) | Name of an existing project or of the new project | string | ✓ | | +| [prefix](variables.tf#L93) | Prefix used for resource names. | string | ✓ | | +| [project_name](variables.tf#L111) | Name of an existing project or of the new project | string | ✓ | | | [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | object({…}) | | {…} | | [backends](variables.tf#L49) | Nginx locations configurations to proxy traffic to. | string | | "<<-EOT…EOT" | | [cidrs](variables.tf#L61) | Subnet IP CIDR ranges. | map(string) | | {…} | 
@@ -27,11 +27,10 @@ There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to | [network_create](variables.tf#L75) | Create network or use existing one. | bool | | true | | [nginx_image](variables.tf#L81) | Nginx container image to use. | string | | "gcr.io/cloud-marketplace/google/nginx1:latest" | | [ops_agent_image](variables.tf#L87) | Google Cloud Ops Agent container image to use. | string | | "gcr.io/sfans-hub-project-d647/ops-agent:latest" | -| [prefix](variables.tf#L93) | Prefix used for resources that need unique names. | string | | "" | -| [project_create](variables.tf#L99) | Parameters for the creation of the new project | object({…}) | | null | -| [region](variables.tf#L113) | Default region for resources. | string | | "europe-west4" | -| [subnetwork](variables.tf#L119) | Subnetwork name. | string | | "gce" | -| [tls](variables.tf#L125) | Also offer reverse proxying with TLS (self-signed certificate). | bool | | false | +| [project_create](variables.tf#L102) | Parameters for the creation of the new project | object({…}) | | null | +| [region](variables.tf#L116) | Default region for resources. | string | | "europe-west4" | +| [subnetwork](variables.tf#L122) | Subnetwork name. | string | | "gce" | +| [tls](variables.tf#L128) | Also offer reverse proxying with TLS (self-signed certificate). | bool | | false | ## Outputs diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf index 6b06cf271..50f5374f8 100644 --- a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf +++ b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf 
@@ -161,7 +161,7 @@ module "firewall" { project_id = module.project.project_id network = module.vpc.name ingress_rules = { - format("%sallow-http-to-proxy-cluster", var.prefix) = { + "${var.prefix}-allow-http-to-proxy-cluster" = { description = "Allow Nginx HTTP(S) ingress traffic" source_ranges = [ var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22" @@ -170,7 +170,7 @@ module "firewall" { use_service_accounts = true rules = [{ protocol = "tcp", ports = [80, 443] }] } - format("%sallow-iap-ssh", var.prefix) = { + "${var.prefix}-allow-iap-ssh" = { description = "Allow Nginx SSH traffic from IAP" source_ranges = ["35.235.240.0/20"] targets = [module.service-account-proxy.email] @@ -184,7 +184,7 @@ module "nat" { source = "../../../modules/net-cloudnat" project_id = module.project.project_id region = var.region - name = format("%snat", var.prefix) + name = "${var.prefix}-nat" router_network = module.vpc.name config_source_subnets = "LIST_OF_SUBNETWORKS" @@ -207,7 +207,7 @@ module "nat" { module "service-account-proxy" { source = "../../../modules/iam-service-account" project_id = module.project.project_id - name = format("%sreverse-proxy", var.prefix) + name = "${var.prefix}-reverse-proxy" iam_project_roles = { (module.project.project_id) = [ "roles/logging.logWriter", @@ -241,7 +241,7 @@ module "mig-proxy" { project_id = module.project.project_id location = var.region regional = true - name = format("%sproxy-cluster", var.prefix) + name = "${var.prefix}-proxy-cluster" named_ports = { http = "80" https = "443" @@ -313,11 +313,11 @@ module "proxy-vm" { module "xlb" { source = "../../../modules/net-glb" - name = format("%sreverse-proxy-xlb", var.prefix) + name = "${var.prefix}-reverse-proxy-xlb" project_id = module.project.project_id reserve_ip_address = true health_checks_config = { - format("%sreverse-proxy-hc", var.prefix) = { + "${var.prefix}-reverse-proxy-hc" = { type = "http" logging = false options = { 
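Review bot: Switching the `format("%s…", var.prefix)` names to `"${var.prefix}-…"` inserts a hyphen the old names did not have, so for any existing deployment with a non-empty prefix every resource named in this file (NAT, service account, MIG, GLB, health check, backend service, firewall rule keys) gets a new name and Terraform will plan replacements rather than in-place updates. The service-account replacement is the one to flag: its email changes, which the firewall rule `targets = [module.service-account-proxy.email]` picks up automatically, but any IAM binding or workload granted to the old email outside this blueprint will not be updated. The commit description could call this out as a breaking change for the affected blueprints; the `psc_producer` rename from `var.prefix` to `"${var.prefix}-producer"` in the psc-hybrid `main.tf` hunk further down has the same effect. Several of these module bodies continue outside the hunks.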
@@ -334,7 +334,7 @@ module "xlb" { } } backend_services_config = { - format("%sreverse-proxy-backend", var.prefix) = { + "${var.prefix}-reverse-proxy-backend" = { bucket_config = null enable_cdn = false cdn_config = null @@ -345,7 +345,7 @@ module "xlb" { options = null } ] - health_checks = [format("%sreverse-proxy-hc", var.prefix)] + health_checks = ["${var.prefix}-reverse-proxy-hc"] log_config = null options = { affinity_cookie_ttl_sec = null diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf index e44094243..92eebae79 100644 --- a/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf +++ b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf @@ -91,9 +91,12 @@ variable "ops_agent_image" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string - default = "" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "project_create" { @@ -127,4 +130,3 @@ variable "tls" { type = bool default = false } - diff --git a/blueprints/networking/psc-hybrid/README.md b/blueprints/networking/psc-hybrid/README.md index c697e68a8..579c9ff4c 100644 --- a/blueprints/networking/psc-hybrid/README.md +++ b/blueprints/networking/psc-hybrid/README.md 
@@ -41,15 +41,15 @@ Before applying this Terraform | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [dest_ip_address](variables.tf#L17) | On-prem service destination IP address. | string | ✓ | | -| [prefix](variables.tf#L28) | Prefix to use for resource names. | string | ✓ | | -| [producer](variables.tf#L33) | Producer configuration. | object({…}) | ✓ | | -| [project_id](variables.tf#L49) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | -| [region](variables.tf#L54) | Region where resources will be created. | string | ✓ | | -| [subnet_consumer](variables.tf#L59) | Consumer subnet CIDR. | string # CIDR | ✓ | | -| [zone](variables.tf#L98) | Zone where resources will be created. | string | ✓ | | +| [prefix](variables.tf#L28) | Prefix used for resource names. | string | ✓ | | +| [producer](variables.tf#L37) | Producer configuration. | object({…}) | ✓ | | +| [project_id](variables.tf#L53) | When referncing existing projects, the id of the project where resources will be created. | string | ✓ | | +| [region](variables.tf#L58) | Region where resources will be created. | string | ✓ | | +| [subnet_consumer](variables.tf#L63) | Consumer subnet CIDR. | string # CIDR | ✓ | | +| [zone](variables.tf#L102) | Zone where resources will be created. | string | ✓ | | | [dest_port](variables.tf#L22) | On-prem service destination port. | string | | "80" | -| [project_create](variables.tf#L43) | Whether to automatically create a project. | bool | | false | -| [vpc_config](variables.tf#L64) | VPC and subnet ids, in case existing VPCs are used. | object({…}) | | {…} | -| [vpc_create](variables.tf#L92) | Whether to automatically create VPCs. | bool | | true | +| [project_create](variables.tf#L47) | Whether to automatically create a project. | bool | | false | +| [vpc_config](variables.tf#L68) | VPC and subnet ids, in case existing VPCs are used. 
| object({…}) | | {…} | +| [vpc_create](variables.tf#L96) | Whether to automatically create VPCs. | bool | | true | diff --git a/blueprints/networking/psc-hybrid/main.tf b/blueprints/networking/psc-hybrid/main.tf index 21d297f0b..39be8c923 100644 --- a/blueprints/networking/psc-hybrid/main.tf +++ b/blueprints/networking/psc-hybrid/main.tf @@ -15,7 +15,6 @@ */ locals { - prefix = coalesce(var.prefix, "") == "" ? "" : "${var.prefix}-" project_id = ( var.project_create ? module.project.project_id @@ -66,7 +65,7 @@ module "project" { module "vpc_producer" { source = "../../../modules/net-vpc" project_id = local.project_id - name = "${local.prefix}producer" + name = "${var.prefix}-producer" subnets = [ { ip_cidr_range = var.producer["subnet_main"] @@ -78,7 +77,7 @@ module "vpc_producer" { subnets_proxy_only = [ { ip_cidr_range = var.producer["subnet_proxy"] - name = "${local.prefix}proxy" + name = "${var.prefix}-proxy" region = var.region active = true } @@ -86,7 +85,7 @@ module "vpc_producer" { subnets_psc = [ { ip_cidr_range = var.producer["subnet_psc"] - name = "${local.prefix}psc" + name = "${var.prefix}-psc" region = var.region } ] @@ -95,7 +94,7 @@ module "vpc_producer" { module "psc_producer" { source = "./psc-producer" project_id = local.project_id - name = var.prefix + name = "${var.prefix}-producer" dest_ip_address = var.dest_ip_address dest_port = var.dest_port network = local.vpc_producer_id @@ -114,11 +113,11 @@ module "psc_producer" { module "vpc_consumer" { source = "../../../modules/net-vpc" project_id = local.project_id - name = "${local.prefix}consumer" + name = "${var.prefix}-consumer" subnets = [ { ip_cidr_range = var.subnet_consumer - name = "${local.prefix}consumer" + name = "${var.prefix}-consumer" region = var.region secondary_ip_range = {} } 
@@ -128,7 +127,7 @@ module "vpc_consumer" { module "psc_consumer" { source = "./psc-consumer" project_id = local.project_id - name = "${local.prefix}consumer" + name = "${var.prefix}-consumer" region = var.region network = local.vpc_consumer_id subnet = local.vpc_consumer_main diff --git a/blueprints/networking/psc-hybrid/variables.tf b/blueprints/networking/psc-hybrid/variables.tf index 1d38692d3..d5d818a8d 100644 --- a/blueprints/networking/psc-hybrid/variables.tf +++ b/blueprints/networking/psc-hybrid/variables.tf @@ -26,8 +26,12 @@ variable "dest_port" { } variable "prefix" { - description = "Prefix to use for resource names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "producer" { diff --git a/blueprints/networking/shared-vpc-gke/README.md b/blueprints/networking/shared-vpc-gke/README.md index 933a73842..858518bd8 100644 --- a/blueprints/networking/shared-vpc-gke/README.md +++ b/blueprints/networking/shared-vpc-gke/README.md 
@@ -48,17 +48,17 @@ There's a minor glitch that can surface running `terraform destroy`, where the s | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [billing_account_id](variables.tf#L15) | Billing account id used as default for new projects. | string | ✓ | | -| [prefix](variables.tf#L62) | Prefix used for resources that need unique names. | string | ✓ | | -| [root_node](variables.tf#L90) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | +| [prefix](variables.tf#L62) | Prefix used for resource names. | string | ✓ | | +| [root_node](variables.tf#L94) | Hierarchy node where projects will be created, 'organizations/org_id' or 'folders/folder_id'. | string | ✓ | | | [cluster_create](variables.tf#L20) | Create GKE cluster and nodepool. | bool | | true | | [ip_ranges](variables.tf#L26) | Subnet IP CIDR ranges. | map(string) | | {…} | | [ip_secondary_ranges](variables.tf#L35) | Secondary IP CIDR ranges. | map(string) | | {…} | | [owners_gce](variables.tf#L44) | GCE project owners, in IAM format. | list(string) | | [] | | [owners_gke](variables.tf#L50) | GKE project owners, in IAM format. | list(string) | | [] | | [owners_host](variables.tf#L56) | Host project owners, in IAM format. | list(string) | | [] | -| [private_service_ranges](variables.tf#L67) | Private service IP CIDR ranges. | map(string) | | {…} | -| [project_services](variables.tf#L75) | Service APIs enabled by default in new projects. | list(string) | | […] | -| [region](variables.tf#L84) | Region used. | string | | "europe-west1" | +| [private_service_ranges](variables.tf#L71) | Private service IP CIDR ranges. | map(string) | | {…} | +| [project_services](variables.tf#L79) | Service APIs enabled by default in new projects. | list(string) | | […] | +| [region](variables.tf#L88) | Region used. | string | | "europe-west1" | ## Outputs 
diff --git a/blueprints/networking/shared-vpc-gke/variables.tf b/blueprints/networking/shared-vpc-gke/variables.tf index daa1d72de..96ccfb0c2 100644 --- a/blueprints/networking/shared-vpc-gke/variables.tf +++ b/blueprints/networking/shared-vpc-gke/variables.tf @@ -60,8 +60,12 @@ variable "owners_host" { } variable "prefix" { - description = "Prefix used for resources that need unique names." + description = "Prefix used for resource names." type = string + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "private_service_ranges" { diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/README.md b/blueprints/third-party-solutions/wordpress/cloudrun/README.md index 4ca10796f..b9a2306f4 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/README.md +++ b/blueprints/third-party-solutions/wordpress/cloudrun/README.md 
@@ -121,19 +121,19 @@ The above command will delete the associated resources so there will be no billa | name | description | type | required | default | |---|---|:---:|:---:|:---:| -| [project_id](variables.tf#L78) | Project id, references existing project if `project_create` is null. | string | ✓ | | -| [wordpress_image](variables.tf#L89) | Image to run with Cloud Run, starts with \"gcr.io\" | string | ✓ | | +| [prefix](variables.tf#L57) | Prefix used for resource names. | string | ✓ | | +| [project_id](variables.tf#L81) | Project id, references existing project if `project_create` is null. | string | ✓ | | +| [wordpress_image](variables.tf#L92) | Image to run with Cloud Run, starts with \"gcr.io\" | string | ✓ | | | [cloud_run_invoker](variables.tf#L18) | IAM member authorized to access the end-point (for example, 'user:YOUR_IAM_USER' for only you or 'allUsers' for everyone) | string | | "allUsers" | | [cloudsql_password](variables.tf#L24) | CloudSQL password (will be randomly generated by default) | string | | null | | [connector](variables.tf#L30) | Existing VPC serverless connector to use if not creating a new one | string | | null | | [create_connector](variables.tf#L36) | Should a VPC serverless connector be created or not | bool | | true | | [ip_ranges](variables.tf#L43) | CIDR blocks: VPC serverless connector, Private Service Access(PSA) for CloudSQL, CloudSQL VPC | object({…}) | | {…} | -| [prefix](variables.tf#L57) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | | "" | -| [principals](variables.tf#L63) | List of users to give rights to (CloudSQL admin, client and instanceUser, Logging admin, Service Account User and TokenCreator), eg 'user@domain.com'. | list(string) | | [] | -| [project_create](variables.tf#L69) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. 
| object({…}) | | null | -| [region](variables.tf#L83) | Region for the created resources | string | | "europe-west4" | -| [wordpress_password](variables.tf#L94) | Password for the Wordpress user (will be randomly generated by default) | string | | null | -| [wordpress_port](variables.tf#L100) | Port for the Wordpress image | number | | 8080 | +| [principals](variables.tf#L66) | List of users to give rights to (CloudSQL admin, client and instanceUser, Logging admin, Service Account User and TokenCreator), eg 'user@domain.com'. | list(string) | | [] | +| [project_create](variables.tf#L72) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null | +| [region](variables.tf#L86) | Region for the created resources | string | | "europe-west4" | +| [wordpress_password](variables.tf#L97) | Password for the Wordpress user (will be randomly generated by default) | string | | null | +| [wordpress_port](variables.tf#L103) | Port for the Wordpress image | number | | 8080 | ## Outputs diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf index 0841d69bc..39f40286c 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/cloudsql.tf @@ -23,7 +23,7 @@ resource "random_password" "cloudsql_password" { module "vpc" { source = "../../../../modules/net-vpc" project_id = module.project.project_id - name = "${local.prefix}sql-vpc" + name = "${var.prefix}-sql-vpc" subnets = [ { ip_cidr_range = var.ip_ranges.sql_vpc 
@@ -43,7 +43,7 @@ module "vpc" { resource "google_vpc_access_connector" "connector" { count = var.create_connector ? 1 : 0 project = module.project.project_id - name = "${local.prefix}wp-connector" + name = "${var.prefix}-wp-connector" region = var.region ip_cidr_range = var.ip_ranges.connector network = module.vpc.self_link @@ -55,7 +55,7 @@ module "cloudsql" { source = "../../../../modules/cloudsql-instance" project_id = module.project.project_id network = module.vpc.self_link - name = "${local.prefix}mysql" + name = "${var.prefix}-mysql" region = var.region database_version = local.cloudsql_conf.database_version tier = local.cloudsql_conf.tier diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf index 009dc4aee..04027790d 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/main.tf +++ b/blueprints/third-party-solutions/wordpress/cloudrun/main.tf @@ -34,7 +34,6 @@ locals { "roles/iam.serviceAccountTokenCreator" = local.all_principals_iam } connector = var.connector == null ? google_vpc_access_connector.connector.0.self_link : var.connector - prefix = var.prefix == null ? "" : "${var.prefix}-" wp_user = "user" wp_pass = var.wordpress_password == null ? random_password.wp_password.result : var.wordpress_password } @@ -71,7 +70,7 @@ resource "random_password" "wp_password" { module "cloud_run" { source = "../../../../modules/cloud-run" project_id = module.project.project_id - name = "${local.prefix}cr-wordpress" + name = "${var.prefix}-cr-wordpress" region = var.region containers = [{ @@ -117,4 +116,4 @@ module "cloud_run" { vpcaccess_connector = local.connector } ingress_settings = "all" -} \ No newline at end of file +} diff --git a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf index 426ffe76a..2327839a7 100644 --- a/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf 
+++ b/blueprints/third-party-solutions/wordpress/cloudrun/variables.tf @@ -55,9 +55,12 @@ variable "ip_ranges" { } variable "prefix" { - description = "Unique prefix used for resource names. Not used for project if 'project_create' is null." + description = "Prefix used for resource names." type = string - default = "" + validation { + condition = var.prefix != "" + error_message = "Prefix cannot be empty." + } } variable "principals" { diff --git a/tests/blueprints/cloud_operations/adfs/fixture/main.tf b/tests/blueprints/cloud_operations/adfs/fixture/main.tf index 5571377fc..ac5a4133d 100644 --- a/tests/blueprints/cloud_operations/adfs/fixture/main.tf +++ b/tests/blueprints/cloud_operations/adfs/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/cloud-operations/adfs" + prefix = var.prefix project_create = var.project_create project_id = var.project_id ad_dns_domain_name = var.ad_dns_domain_name diff --git a/tests/blueprints/cloud_operations/adfs/fixture/variables.tf b/tests/blueprints/cloud_operations/adfs/fixture/variables.tf index a48a77e21..bce726b18 100644 --- a/tests/blueprints/cloud_operations/adfs/fixture/variables.tf +++ b/tests/blueprints/cloud_operations/adfs/fixture/variables.tf @@ -41,7 +41,7 @@ variable "project_id" { variable "prefix" { type = string - default = null + default = "test" } variable "network_config" { diff --git a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf index 6cdb97547..78ae42811 100644 --- a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf +++ b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/main.tf 
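Review bot: The rewritten description drops the old caveat that the prefix is not applied to the project when `project_create` is null; nothing in this hunk changes how the project is named (the project module call is outside the hunk), so if that behaviour still holds the caveat should stay: `description = "Prefix used for resource names. Not used for project if 'project_create' is null."`. With `default = ""` removed the variable is now required, which the README table hunk above already reflects.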
@@ -18,6 +18,7 @@ module "test" { source = "../../../../../blueprints/cloud-operations/dns-shared-vpc" billing_account_id = "111111-222222-333333" folder_id = "folders/1234567890" + prefix = var.prefix shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default" teams = var.teams } diff --git a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf index c6eeb83ef..dd34e4d5c 100644 --- a/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf +++ b/tests/blueprints/cloud_operations/dns_shared_vpc/fixture/variables.tf @@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "teams" { type = list(string) default = ["team1", "team2"] diff --git a/tests/blueprints/factories/project_factory/fixture/defaults.yaml b/tests/blueprints/factories/project_factory/fixture/defaults.yaml index dc5b16166..61837818f 100644 --- a/tests/blueprints/factories/project_factory/fixture/defaults.yaml +++ b/tests/blueprints/factories/project_factory/fixture/defaults.yaml @@ -22,3 +22,4 @@ labels: # [opt] Additional notification channels for billing notification_channels: [] +prefix: test diff --git a/tests/blueprints/factories/project_factory/fixture/main.tf b/tests/blueprints/factories/project_factory/fixture/main.tf index 3d1360f55..ae686b935 100644 --- a/tests/blueprints/factories/project_factory/fixture/main.tf +++ b/tests/blueprints/factories/project_factory/fixture/main.tf 
@@ -44,6 +44,7 @@ module "projects" { kms_service_agents = try(each.value.kms, {}) labels = try(each.value.labels, {}) org_policies = try(each.value.org_policies, null) + prefix = each.value.prefix service_accounts = try(each.value.service_accounts, {}) services = try(each.value.services, []) service_identities_iam = try(each.value.service_identities_iam, {}) diff --git a/tests/blueprints/factories/project_factory/fixture/projects/project.yaml b/tests/blueprints/factories/project_factory/fixture/projects/project.yaml index b9d0d85a7..a15819848 100644 --- a/tests/blueprints/factories/project_factory/fixture/projects/project.yaml +++ b/tests/blueprints/factories/project_factory/fixture/projects/project.yaml @@ -58,6 +58,9 @@ org_policies: values: - projects/fast-prod-iac-core-0 +# [opt] Prefix - overrides default if set +prefix: test1 + # [opt] Service account to create for the project and their roles on the project # in name => [roles] format service_accounts: diff --git a/tests/blueprints/gke/binauthz/fixture/main.tf b/tests/blueprints/gke/binauthz/fixture/main.tf index eefdacc8b..23e1504b8 100644 --- a/tests/blueprints/gke/binauthz/fixture/main.tf +++ b/tests/blueprints/gke/binauthz/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/gke/binauthz" + prefix = var.prefix project_create = var.project_create project_id = var.project_id } diff --git a/tests/blueprints/gke/binauthz/fixture/variables.tf b/tests/blueprints/gke/binauthz/fixture/variables.tf index 439d6b0b4..fe991fff7 100644 --- a/tests/blueprints/gke/binauthz/fixture/variables.tf +++ b/tests/blueprints/gke/binauthz/fixture/variables.tf @@ -24,3 +24,8 @@ variable "project_id" { type = string default = "my-project" } + +variable "prefix" { + type = string + default = "test" +} diff --git a/tests/blueprints/networking/glb_and_armor/fixture/main.tf b/tests/blueprints/networking/glb_and_armor/fixture/main.tf index 155677b20..2a5a70773 100644 
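Review bot: `prefix = each.value.prefix` is the only attribute in this `module "projects"` call read without a `try()`, unlike the sibling lines (`try(each.value.kms, {})`, `try(each.value.labels, {})`), so if `each.value` is the raw per-project YAML rather than a merge with `defaults.yaml`, any project file that omits `prefix` now fails the fixture with an unsupported-attribute error instead of inheriting the `prefix: test` default added in the same commit. The `project.yaml` comment "overrides default if set" implies a fallback is intended; if the merge does not happen before this line, give `prefix` the same `try()` fallback pattern as its siblings with the defaults value as the fallback. The `for_each` and the source of `each.value` are outside the hunk.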
--- a/tests/blueprints/networking/glb_and_armor/fixture/main.tf +++ b/tests/blueprints/networking/glb_and_armor/fixture/main.tf @@ -14,6 +14,7 @@ module "test" { source = "../../../../../blueprints/networking/glb-and-armor" + prefix = var.prefix project_create = var.project_create project_id = var.project_id enforce_security_policy = var.enforce_security_policy diff --git a/tests/blueprints/networking/glb_and_armor/fixture/variables.tf b/tests/blueprints/networking/glb_and_armor/fixture/variables.tf index d6e3c90de..41090c1c3 100644 --- a/tests/blueprints/networking/glb_and_armor/fixture/variables.tf +++ b/tests/blueprints/networking/glb_and_armor/fixture/variables.tf @@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "project_create" { type = object({ billing_account_id = string diff --git a/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf b/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf index 009a26f93..c5b105e68 100644 --- a/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf +++ b/tests/blueprints/networking/hub_and_spoke_peering/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/networking/hub-and-spoke-peering" + prefix = var.prefix project_create = { billing_account = "123456-123456-123456" oslogin = true diff --git a/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf b/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf index 626af0119..b67795f96 100644 --- a/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf +++ b/tests/blueprints/networking/hub_and_spoke_peering/fixture/variables.tf 
@@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "project_id" { type = string default = "project-1" diff --git a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf index 17da8aa05..37558c714 100644 --- a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf +++ b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/main.tf @@ -16,9 +16,10 @@ module "test" { source = "../../../../../blueprints/networking/hub-and-spoke-vpn" + prefix = var.prefix project_create_config = { billing_account_id = "ABCDE-123456-ABCDE" parent_id = null } - project_id = "test-1" + project_id = var.project_id } diff --git a/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf new file mode 100644 index 000000000..b67795f96 --- /dev/null +++ b/tests/blueprints/networking/hub_and_spoke_vpn/fixture/variables.tf @@ -0,0 +1,23 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +variable "prefix" { + type = string + default = "test" +} + +variable "project_id" { + type = string + default = "project-1" +} diff --git a/tests/blueprints/networking/ilb_next_hop/fixture/main.tf b/tests/blueprints/networking/ilb_next_hop/fixture/main.tf index 68a148c20..acaad22ad 100644 
--- a/tests/blueprints/networking/ilb_next_hop/fixture/main.tf +++ b/tests/blueprints/networking/ilb_next_hop/fixture/main.tf @@ -16,6 +16,7 @@ module "test" { source = "../../../../../blueprints/networking/ilb-next-hop" + prefix = var.prefix project_create = var.project_create project_id = var.project_id } diff --git a/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf b/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf index 3d884c252..4eede1798 100644 --- a/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf +++ b/tests/blueprints/networking/ilb_next_hop/fixture/variables.tf @@ -12,6 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "prefix" { + type = string + default = "test" +} + variable "project_create" { type = bool default = true diff --git a/tests/examples/variables.tf b/tests/examples/variables.tf index 35f7b06c1..1924ac403 100644 --- a/tests/examples/variables.tf +++ b/tests/examples/variables.tf @@ -36,6 +36,10 @@ variable "folder_id" { default = "folders/1122334455" } +variable "prefix" { + default = "test" +} + variable "project_id" { default = "project-id" }