diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0345358ba..bb0d4e005 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
### BLUEPRINTS
+- [[#1722](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1722)] Add support for org policies to project factory ([ludoo](https://github.com/ludoo))
- [[#1692](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1692)] **incompatible change:** Allow using no service account in compute-vm ([ludoo](https://github.com/ludoo))
### DOCUMENTATION
@@ -19,6 +20,7 @@ All notable changes to this project will be documented in this file.
### FAST
+- [[#1718](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1718)] FAST: add example of custom org policy condition to bootstrap README ([ludoo](https://github.com/ludoo))
- [[#1715](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1715)] Fix indentation in FAST hierarchical firewall rules ([juliocc](https://github.com/juliocc))
- [[#1711](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1711)] [FAST] Fix tenant folder tag ([lcaggio](https://github.com/lcaggio))
- [[#1707](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1707)] Only apply org policies when bootstrap user is not set ([ludoo](https://github.com/ludoo))
@@ -29,6 +31,9 @@ All notable changes to this project will be documented in this file.
### MODULES
+- [[#1723](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1723)] Add storage billing model ([devuonocar](https://github.com/devuonocar))
+- [[#1719](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1719)] Add GLB HTTP to HTTPS redirect example ([ludoo](https://github.com/ludoo))
+- [[#1717](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1717)] Apigee module fix try ([apichick](https://github.com/apichick))
- [[#1716](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1716)] Add retry policy for subscriptions ([devuonocar](https://github.com/devuonocar))
- [[#1709](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1709)] Add bug fix in bucket local variable ([luigi-bitonti](https://github.com/luigi-bitonti))
- [[#1704](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/1704)] Add cloud function secrets tests ([wiktorn](https://github.com/wiktorn))
diff --git a/README.md b/README.md
index 6d67d06b2..84dbdca20 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ Currently available modules:
- **foundational** - [billing budget](./modules/billing-budget), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source)
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [VLAN Attachment](./modules/net-vlan-attachment/), [External Application LB](./modules/net-lb-app-ext/), [External Passthrough Network LB](./modules/net-lb-ext), [Firewall policy](./modules/net-firewall-policy), [Internal Application LB](./modules/net-lb-app-int), [Internal Passthrough Network LB](./modules/net-lb-int), [Internal Proxy Network LB](./modules/net-lb-proxy-int), [IPSec over Interconnect](./modules/net-ipsec-over-interconnect), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory), [Secure Web Proxy](./modules/net-swp)
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool), [GCVE private cloud](./modules/gcve-private-cloud)
-- **data** - [AlloyDB instance](./modules/alloydb-instance), [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
+- **data** - [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Dataplex](./modules/dataplex), [Dataplex DataScan](./modules/dataplex-datascan/), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository)
- **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc)
- **serverless** - [Cloud Function v1](./modules/cloud-function-v1), [Cloud Function v2](./modules/cloud-function-v2), [Cloud Run](./modules/cloud-run)
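Review bot: the **data** line drops the `[AlloyDB instance](./modules/alloydb-instance)` link, but none of the CHANGELOG entries added in this diff mention AlloyDB. If the module is being removed or renamed, add a changelog entry flagged as an incompatible change; if the module still exists, restore the link.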
diff --git a/blueprints/apigee/bigquery-analytics/versions.tf b/blueprints/apigee/bigquery-analytics/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/apigee/bigquery-analytics/versions.tf
+++ b/blueprints/apigee/bigquery-analytics/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
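Review bot: the new constraint `version = ">= 5.0.0" # tftest` on both `google` and `google-beta` has no upper bound, so a future major release is accepted without review, and the same edit is repeated in every `versions.tf` in this diff. Consider a bounded constraint such as `~> 5.0`, or state in the PR that the open range is deliberate and that a committed lock file pins what is actually installed.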
diff --git a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf
+++ b/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/adfs/versions.tf b/blueprints/cloud-operations/adfs/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/adfs/versions.tf
+++ b/blueprints/cloud-operations/adfs/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/asset-inventory-feed-remediation/versions.tf b/blueprints/cloud-operations/asset-inventory-feed-remediation/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/asset-inventory-feed-remediation/versions.tf
+++ b/blueprints/cloud-operations/asset-inventory-feed-remediation/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/dns-fine-grained-iam/README.md b/blueprints/cloud-operations/dns-fine-grained-iam/README.md
index db88b37b1..6379495dd 100644
--- a/blueprints/cloud-operations/dns-fine-grained-iam/README.md
+++ b/blueprints/cloud-operations/dns-fine-grained-iam/README.md
@@ -128,5 +128,5 @@ module "test1" {
project_create = true
project_id = "test"
}
-# tftest modules=9 resources=28
+# tftest modules=9 resources=27
```
diff --git a/blueprints/cloud-operations/dns-fine-grained-iam/versions.tf b/blueprints/cloud-operations/dns-fine-grained-iam/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/dns-fine-grained-iam/versions.tf
+++ b/blueprints/cloud-operations/dns-fine-grained-iam/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/dns-shared-vpc/README.md b/blueprints/cloud-operations/dns-shared-vpc/README.md
index ad8d6125c..ed64d1de9 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/README.md
+++ b/blueprints/cloud-operations/dns-shared-vpc/README.md
@@ -51,5 +51,5 @@ module "test" {
shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
teams = ["team1", "team2"]
}
-# tftest modules=9 resources=20
+# tftest modules=9 resources=16
```
diff --git a/blueprints/cloud-operations/dns-shared-vpc/versions.tf b/blueprints/cloud-operations/dns-shared-vpc/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/versions.tf
+++ b/blueprints/cloud-operations/dns-shared-vpc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/iam-delegated-role-grants/versions.tf b/blueprints/cloud-operations/iam-delegated-role-grants/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/iam-delegated-role-grants/versions.tf
+++ b/blueprints/cloud-operations/iam-delegated-role-grants/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/onprem-sa-key-management/versions.tf b/blueprints/cloud-operations/onprem-sa-key-management/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/onprem-sa-key-management/versions.tf
+++ b/blueprints/cloud-operations/onprem-sa-key-management/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/packer-image-builder/versions.tf b/blueprints/cloud-operations/packer-image-builder/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/packer-image-builder/versions.tf
+++ b/blueprints/cloud-operations/packer-image-builder/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/quota-monitoring/versions.tf b/blueprints/cloud-operations/quota-monitoring/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/quota-monitoring/versions.tf
+++ b/blueprints/cloud-operations/quota-monitoring/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/versions.tf b/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/versions.tf
+++ b/blueprints/cloud-operations/scheduled-asset-inventory-export-bq/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/data-solutions/bq-ml/versions.tf b/blueprints/data-solutions/bq-ml/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/data-solutions/bq-ml/versions.tf
+++ b/blueprints/data-solutions/bq-ml/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/data-solutions/cmek-via-centralized-kms/versions.tf b/blueprints/data-solutions/cmek-via-centralized-kms/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/data-solutions/cmek-via-centralized-kms/versions.tf
+++ b/blueprints/data-solutions/cmek-via-centralized-kms/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/data-solutions/data-platform-foundations/02-load.tf b/blueprints/data-solutions/data-platform-foundations/02-load.tf
index 52fb5276f..2810a38f8 100644
--- a/blueprints/data-solutions/data-platform-foundations/02-load.tf
+++ b/blueprints/data-solutions/data-platform-foundations/02-load.tf
@@ -17,7 +17,8 @@
locals {
load_iam = {
data_engineers = [
- "roles/dataflow.admin"
+ "roles/dataflow.admin",
+ "roles/dataflow.developer"
]
robots_dataflow_load = [
"roles/storage.objectAdmin"
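Review bot: in `data_engineers`, `roles/dataflow.developer` is added next to `roles/dataflow.admin`, which the group already holds. If the developer role supplies a permission the admin role lacks, name it in a comment beside the entry; otherwise keep only one of the two so the grant is easy to audit.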
@@ -54,6 +55,7 @@ module "load-project" {
"cloudkms.googleapis.com",
"compute.googleapis.com",
"dataflow.googleapis.com",
+ "datalineage.googleapis.com",
"dlp.googleapis.com",
"pubsub.googleapis.com",
"servicenetworking.googleapis.com",
diff --git a/blueprints/data-solutions/data-platform-foundations/03-composer.tf b/blueprints/data-solutions/data-platform-foundations/03-composer.tf
index 8c803e4b6..af169e719 100644
--- a/blueprints/data-solutions/data-platform-foundations/03-composer.tf
+++ b/blueprints/data-solutions/data-platform-foundations/03-composer.tf
@@ -68,16 +68,20 @@ module "orch-sa-cmp-0" {
}
resource "google_composer_environment" "orch-cmp-0" {
- count = var.composer_config.disable_deployment == true ? 0 : 1
- project = module.orch-project.project_id
- name = "${var.prefix}-orc-cmp-0"
- region = var.region
+ count = var.composer_config.disable_deployment == true ? 0 : 1
+ provider = google-beta
+ project = module.orch-project.project_id
+ name = "${var.prefix}-orc-cmp-0"
+ region = var.region
config {
software_config {
airflow_config_overrides = try(var.composer_config.software_config.airflow_config_overrides, null)
pypi_packages = try(var.composer_config.software_config.pypi_packages, null)
env_variables = local.env_variables
image_version = try(var.composer_config.software_config.image_version, null)
+ cloud_data_lineage_integration {
+ enabled = var.composer_config.software_config.cloud_data_lineage_integration
+ }
}
dynamic "workloads_config" {
for_each = (try(var.composer_config.workloads_config, null) != null ? { 1 = 1 } : {})
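Review bot: `enabled = var.composer_config.software_config.cloud_data_lineage_integration` reads the attribute directly, while every other `software_config` attribute in this block goes through `try(..., null)`. Use the same `try` form, or drop it everywhere if `software_config` can never be null, so that a null `software_config` fails in one predictable way. The switch to `provider = google-beta` for the whole environment also deserves a short comment saying which argument needs it.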
diff --git a/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf b/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf
index 804250a5c..c97721a47 100644
--- a/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf
+++ b/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf
@@ -21,10 +21,13 @@ locals {
"roles/bigquery.dataEditor",
"roles/bigquery.jobUser",
"roles/cloudbuild.builds.editor",
+ "roles/composer.admin",
+ "roles/composer.user",
"roles/composer.environmentAndStorageObjectAdmin",
"roles/iam.serviceAccountUser",
"roles/iap.httpsResourceAccessor",
- "roles/serviceusage.serviceUsageConsumer"
+ "roles/serviceusage.serviceUsageConsumer",
+ "roles/storage.objectAdmin"
]
robots_cloudbuild = [
"roles/storage.objectAdmin"
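Review bot: this list now carries `roles/composer.admin`, `roles/composer.user` and `roles/composer.environmentAndStorageObjectAdmin` together, plus a new `roles/storage.objectAdmin`. These grants overlap and the admin role is the broadest of them; keep the narrowest role that the demo flow needs and add a comment explaining why admin is required if it stays.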
@@ -33,6 +36,10 @@ locals {
"roles/composer.ServiceAgentV2Ext",
"roles/storage.objectAdmin"
]
+ sa_df_build = [
+ "roles/cloudbuild.serviceAgent",
+ "roles/storage.objectAdmin"
+ ]
sa_load = [
"roles/artifactregistry.reader",
"roles/bigquery.dataEditor",
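Review bot: `sa_df_build` is granted `roles/cloudbuild.serviceAgent`, a role named for the Cloud Build service agent, although `main.tf` maps `sa_df_build` to a service account created by a module in this blueprint. Prefer a builder-scoped role for a user-managed build account, and check whether `roles/storage.objectAdmin` can be bound on the specific bucket rather than in this project-level list.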
@@ -63,9 +70,7 @@ module "orch-project" {
)
iam = local.use_projects ? {} : local.orch_iam_auth
iam_bindings_additive = !local.use_projects ? {} : local.orch_iam_additive
- compute_metadata = {
- enable-oslogin = "false"
- }
+
services = concat(var.project_services, [
"artifactregistry.googleapis.com",
"bigquery.googleapis.com",
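Review bot: removing `compute_metadata` drops the explicit `enable-oslogin = "false"` from the orchestration project, which changes how SSH access to its VMs is authorized, and no changelog entry in this diff mentions it. Call the change out in the PR description, and remove the empty `+` line left where the block used to be.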
@@ -79,6 +84,7 @@ module "orch-project" {
"containerregistry.googleapis.com",
"artifactregistry.googleapis.com",
"dataflow.googleapis.com",
+ "datalineage.googleapis.com",
"orgpolicy.googleapis.com",
"pubsub.googleapis.com",
"servicenetworking.googleapis.com",
diff --git a/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf b/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf
index 8ba0f0f96..7cbd4bfae 100644
--- a/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf
+++ b/blueprints/data-solutions/data-platform-foundations/05-datawarehouse.tf
@@ -19,12 +19,14 @@ locals {
data_analysts = [
"roles/bigquery.dataViewer",
"roles/bigquery.jobUser",
+ "roles/datacatalog.tagTemplateViewer",
"roles/datacatalog.viewer",
"roles/storage.objectViewer"
]
data_engineers = [
"roles/bigquery.dataViewer",
"roles/bigquery.jobUser",
+ "roles/datacatalog.tagTemplateViewer",
"roles/datacatalog.viewer",
"roles/storage.objectViewer"
]
@@ -41,10 +43,13 @@ locals {
data_engineers = [
"roles/bigquery.dataViewer",
"roles/bigquery.jobUser",
+ "roles/datacatalog.tagTemplateViewer",
"roles/datacatalog.viewer",
"roles/storage.objectViewer"
]
sa_load = [
+ "roles/bigquery.dataOwner",
+ "roles/bigquery.jobUser",
"roles/storage.objectCreator"
]
sa_transf_bq = [
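Review bot: `sa_load` goes from `roles/storage.objectCreator` alone to also holding `roles/bigquery.dataOwner`, which allows changing dataset access controls and deleting datasets, not just writing tables. If the load account only needs to create and fill tables, `roles/bigquery.dataEditor` with `roles/bigquery.jobUser` is the tighter grant.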
@@ -52,9 +57,7 @@ locals {
"roles/datacatalog.categoryAdmin"
]
sa_transf_df = [
- "roles/bigquery.dataOwner",
- "roles/bigquery.dataViewer",
- "roles/bigquery.jobUser"
+ "roles/bigquery.dataViewer"
]
}
}
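Review bot: `sa_transf_df` is left with only `roles/bigquery.dataViewer` here after `roles/bigquery.dataOwner` and `roles/bigquery.jobUser` are removed. The reduction is welcome, but confirm that the transformation jobs no longer write to or run query jobs in this layer, and say so in a comment, since a missing `jobUser` only shows up at pipeline run time.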
diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md
index 5c2cabee9..f313614b9 100644
--- a/blueprints/data-solutions/data-platform-foundations/README.md
+++ b/blueprints/data-solutions/data-platform-foundations/README.md
@@ -228,7 +228,7 @@ module "data-platform" {
}
prefix = "myprefix"
}
-# tftest modules=43 resources=279
+# tftest modules=43 resources=290
```
## Customizations
@@ -255,24 +255,43 @@ Once you have identified the required project granularity for your use case, we
The application layer is out of scope of this script. As a demo purpuse only, several Cloud Composer DAGs are provided. Demos will import data from the `drop off` area to the `Data Warehouse Confidential` dataset suing different features.
You can find examples in the `[demo](./demo)` folder.
+
+## Cleanup
+
+If you want to destroy the Data Platform deployment, follow these steps.
+
+**ATTENTION**: The following procedure will permanently delete all of your data in an irreversible manner.
+
+```bash
+# remove GCS buckets and BQ dataset manually. Projects will be destroyed anyway
+for x in $(terraform state list | grep google_storage_bucket.bucket); do
+ terraform state rm "$x";
+done
+
+for x in $(terraform state list | grep google_bigquery_dataset); do
+ terraform state rm "$x";
+done
+
+terraform destroy
+```
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [organization_domain](variables.tf#L164) | Organization domain. | string | ✓ | |
-| [prefix](variables.tf#L169) | Prefix used for resource names. | string | ✓ | |
-| [project_config](variables.tf#L178) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | |
-| [composer_config](variables.tf#L17) | Cloud Composer config. | object({…}) | | {…} |
-| [data_catalog_tags](variables.tf#L105) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {…} |
-| [data_force_destroy](variables.tf#L119) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false |
-| [groups](variables.tf#L125) | User groups. | map(string) | | {…} |
-| [location](variables.tf#L135) | Location used for multi-regional resources. | string | | "eu" |
-| [network_config](variables.tf#L141) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
-| [project_services](variables.tf#L212) | List of core services enabled on all projects. | list(string) | | […] |
-| [project_suffix](variables.tf#L223) | Suffix used only for project ids. | string | | null |
-| [region](variables.tf#L229) | Region used for regional resources. | string | | "europe-west1" |
-| [service_encryption_keys](variables.tf#L235) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null |
+| [organization_domain](variables.tf#L165) | Organization domain. | string | ✓ | |
+| [prefix](variables.tf#L170) | Prefix used for resource names. | string | ✓ | |
+| [project_config](variables.tf#L179) | Provide 'billing_account_id' value if project creation is needed, uses existing 'project_ids' if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | ✓ | |
+| [composer_config](variables.tf#L17) | Cloud Composer config. | object({…}) | | {…} |
+| [data_catalog_tags](variables.tf#L106) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {…} |
+| [data_force_destroy](variables.tf#L120) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | bool | | false |
+| [groups](variables.tf#L126) | User groups. | map(string) | | {…} |
+| [location](variables.tf#L136) | Location used for multi-regional resources. | string | | "eu" |
+| [network_config](variables.tf#L142) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
+| [project_services](variables.tf#L213) | List of core services enabled on all projects. | list(string) | | […] |
+| [project_suffix](variables.tf#L224) | Suffix used only for project ids. | string | | null |
+| [region](variables.tf#L230) | Region used for regional resources. | string | | "europe-west1" |
+| [service_encryption_keys](variables.tf#L236) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null |
## Outputs
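Review bot: the Cleanup script's comment `Projects will be destroyed anyway` does not hold when `project_config` points at existing `project_ids`, as the variables table below allows: after `terraform state rm` the buckets and datasets are out of state, `terraform destroy` skips them, and they stay behind unmanaged with their data. State that the procedure assumes projects created by this blueprint, or list the manual deletion steps for the existing-project case. The unanchored `grep google_storage_bucket.bucket` pattern also treats `.` as a wildcard; `grep -F` would match the literal address.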
diff --git a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline.py b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline.py
index 45b71b30d..e23fd1162 100644
--- a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline.py
+++ b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline.py
@@ -38,9 +38,6 @@ DWH_CURATED_GCS = Variable.get("DWH_CURATED_GCS")
DWH_CONFIDENTIAL_PRJ = Variable.get("DWH_CONFIDENTIAL_PRJ")
DWH_CONFIDENTIAL_BQ_DATASET = Variable.get("DWH_CONFIDENTIAL_BQ_DATASET")
DWH_CONFIDENTIAL_GCS = Variable.get("DWH_CONFIDENTIAL_GCS")
-DWH_PLG_PRJ = Variable.get("DWH_PLG_PRJ")
-DWH_PLG_BQ_DATASET = Variable.get("DWH_PLG_BQ_DATASET")
-DWH_PLG_GCS = Variable.get("DWH_PLG_GCS")
GCP_REGION = Variable.get("GCP_REGION")
DRP_PRJ = Variable.get("DRP_PRJ")
DRP_BQ = Variable.get("DRP_BQ")
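Review bot: the three `DWH_PLG_*` reads are removed here and in the four other demo DAGs, but the hunks only show the module-level assignments. Check that no task further down in each file still references `DWH_PLG_PRJ`, `DWH_PLG_BQ_DATASET` or `DWH_PLG_GCS`, and that the matching Airflow variables are no longer set in the Composer `env_variables`, so the DAGs and the environment stay in step.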
diff --git a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags.py b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags.py
index 5e86472af..65311dba2 100644
--- a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags.py
+++ b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags.py
@@ -39,9 +39,6 @@ DWH_CURATED_GCS = Variable.get("DWH_CURATED_GCS")
DWH_CONFIDENTIAL_PRJ = Variable.get("DWH_CONFIDENTIAL_PRJ")
DWH_CONFIDENTIAL_BQ_DATASET = Variable.get("DWH_CONFIDENTIAL_BQ_DATASET")
DWH_CONFIDENTIAL_GCS = Variable.get("DWH_CONFIDENTIAL_GCS")
-DWH_PLG_PRJ = Variable.get("DWH_PLG_PRJ")
-DWH_PLG_BQ_DATASET = Variable.get("DWH_PLG_BQ_DATASET")
-DWH_PLG_GCS = Variable.get("DWH_PLG_GCS")
GCP_REGION = Variable.get("GCP_REGION")
DRP_PRJ = Variable.get("DRP_PRJ")
DRP_BQ = Variable.get("DRP_BQ")
diff --git a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags_flex.py b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags_flex.py
index 7bbf67a16..a81ecef9b 100644
--- a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags_flex.py
+++ b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_dc_tags_flex.py
@@ -40,9 +40,6 @@ DWH_CURATED_GCS = Variable.get("DWH_CURATED_GCS")
DWH_CONFIDENTIAL_PRJ = Variable.get("DWH_CONFIDENTIAL_PRJ")
DWH_CONFIDENTIAL_BQ_DATASET = Variable.get("DWH_CONFIDENTIAL_BQ_DATASET")
DWH_CONFIDENTIAL_GCS = Variable.get("DWH_CONFIDENTIAL_GCS")
-DWH_PLG_PRJ = Variable.get("DWH_PLG_PRJ")
-DWH_PLG_BQ_DATASET = Variable.get("DWH_PLG_BQ_DATASET")
-DWH_PLG_GCS = Variable.get("DWH_PLG_GCS")
GCP_REGION = Variable.get("GCP_REGION")
DRP_PRJ = Variable.get("DRP_PRJ")
DRP_BQ = Variable.get("DRP_BQ")
diff --git a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_flex.py b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_flex.py
index 5e60c62f0..e948fac69 100644
--- a/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_flex.py
+++ b/blueprints/data-solutions/data-platform-foundations/demo/datapipeline_flex.py
@@ -39,9 +39,6 @@ DWH_CURATED_GCS = Variable.get("DWH_CURATED_GCS")
DWH_CONFIDENTIAL_PRJ = Variable.get("DWH_CONFIDENTIAL_PRJ")
DWH_CONFIDENTIAL_BQ_DATASET = Variable.get("DWH_CONFIDENTIAL_BQ_DATASET")
DWH_CONFIDENTIAL_GCS = Variable.get("DWH_CONFIDENTIAL_GCS")
-DWH_PLG_PRJ = Variable.get("DWH_PLG_PRJ")
-DWH_PLG_BQ_DATASET = Variable.get("DWH_PLG_BQ_DATASET")
-DWH_PLG_GCS = Variable.get("DWH_PLG_GCS")
GCP_REGION = Variable.get("GCP_REGION")
DRP_PRJ = Variable.get("DRP_PRJ")
DRP_BQ = Variable.get("DRP_BQ")
diff --git a/blueprints/data-solutions/data-platform-foundations/demo/delete_table.py b/blueprints/data-solutions/data-platform-foundations/demo/delete_table.py
index 252400ad6..9ae3f384b 100644
--- a/blueprints/data-solutions/data-platform-foundations/demo/delete_table.py
+++ b/blueprints/data-solutions/data-platform-foundations/demo/delete_table.py
@@ -43,9 +43,6 @@ DWH_CURATED_GCS = Variable.get("DWH_CURATED_GCS")
DWH_CONFIDENTIAL_PRJ = Variable.get("DWH_CONFIDENTIAL_PRJ")
DWH_CONFIDENTIAL_BQ_DATASET = Variable.get("DWH_CONFIDENTIAL_BQ_DATASET")
DWH_CONFIDENTIAL_GCS = Variable.get("DWH_CONFIDENTIAL_GCS")
-DWH_PLG_PRJ = Variable.get("DWH_PLG_PRJ")
-DWH_PLG_BQ_DATASET = Variable.get("DWH_PLG_BQ_DATASET")
-DWH_PLG_GCS = Variable.get("DWH_PLG_GCS")
GCP_REGION = Variable.get("GCP_REGION")
DRP_PRJ = Variable.get("DRP_PRJ")
DRP_BQ = Variable.get("DRP_BQ")
diff --git a/blueprints/data-solutions/data-platform-foundations/locals-05-datawarehouse.tf b/blueprints/data-solutions/data-platform-foundations/locals-05-datawarehouse.tf
index 5bd652c85..47c91b1ac 100644
--- a/blueprints/data-solutions/data-platform-foundations/locals-05-datawarehouse.tf
+++ b/blueprints/data-solutions/data-platform-foundations/locals-05-datawarehouse.tf
@@ -50,6 +50,7 @@ locals {
"cloudkms.googleapis.com",
"compute.googleapis.com",
"dataflow.googleapis.com",
+ "datalineage.googleapis.com",
"pubsub.googleapis.com",
"servicenetworking.googleapis.com",
"storage.googleapis.com",
diff --git a/blueprints/data-solutions/data-platform-foundations/main.tf b/blueprints/data-solutions/data-platform-foundations/main.tf
index 77944f4df..8a22f3864 100644
--- a/blueprints/data-solutions/data-platform-foundations/main.tf
+++ b/blueprints/data-solutions/data-platform-foundations/main.tf
@@ -43,6 +43,7 @@ locals {
robots_composer = "serviceAccount:${module.orch-project.service_accounts.robots.composer}"
robots_dataflow_load = "serviceAccount:${module.load-project.service_accounts.robots.dataflow}"
robots_dataflow_trf = "serviceAccount:${module.transf-project.service_accounts.robots.dataflow}"
+ sa_df_build = module.orch-sa-df-build.iam_email
sa_drop_bq = module.drop-sa-bq-0.iam_email
sa_drop_cs = module.drop-sa-cs-0.iam_email
sa_drop_ps = module.drop-sa-ps-0.iam_email
diff --git a/blueprints/data-solutions/data-platform-foundations/variables.tf b/blueprints/data-solutions/data-platform-foundations/variables.tf
index 92a6316b4..335eede86 100644
--- a/blueprints/data-solutions/data-platform-foundations/variables.tf
+++ b/blueprints/data-solutions/data-platform-foundations/variables.tf
@@ -21,10 +21,11 @@ variable "composer_config" {
environment_size = optional(string, "ENVIRONMENT_SIZE_SMALL")
software_config = optional(
object({
- airflow_config_overrides = optional(any)
- pypi_packages = optional(any)
- env_variables = optional(map(string))
- image_version = string
+ airflow_config_overrides = optional(any)
+ pypi_packages = optional(any)
+ env_variables = optional(map(string))
+ image_version = string
+ cloud_data_lineage_integration = optional(bool, true)
}),
{ image_version = "composer-2-airflow-2" }
)
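Review bot: `cloud_data_lineage_integration = optional(bool, true)` turns lineage on by default, so an existing deployment that never set the attribute gets the integration enabled on its next apply. Default it to `false`, or document the new default in the README and changelog so operators can opt out before applying. Note also that the fallback object `{ image_version = "composer-2-airflow-2" }` relies on the optional default to fill the new attribute; a short comment would make that explicit.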
diff --git a/blueprints/data-solutions/data-playground/versions.tf b/blueprints/data-solutions/data-playground/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/data-solutions/data-playground/versions.tf
+++ b/blueprints/data-solutions/data-playground/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/versions.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/versions.tf
+++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/factories/net-vpc-firewall-yaml/versions.tf b/blueprints/factories/net-vpc-firewall-yaml/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/factories/net-vpc-firewall-yaml/versions.tf
+++ b/blueprints/factories/net-vpc-firewall-yaml/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md
index 74682ae93..9aa23883a 100644
--- a/blueprints/factories/project-factory/README.md
+++ b/blueprints/factories/project-factory/README.md
@@ -13,22 +13,32 @@ The code is meant to be executed by a high level service accounts with powerful
- Shared VPC connection if service project attachment is desired
- project creation on the nodes (folder or org) where projects will be defined
-The module also supports optional creation of specific resources that usually part of the project creation flow:
+The module also supports optional creation of specific resources that are usually part of the project creation flow:
- service accounts used for VM instances, and associated basic roles
- KMS key encrypt/decrypt permissions for service identities in the project
- membership in VPC SC standard or bridge perimeters
-Compared to the previous version of this code, network-related resources (DNS zones, VPC subnets, etc.) have been removed as they are not typically in scope for the team who manages project creation, and adding them when needed requires just a few trivial code changes.
+## Leveraging data defaults, merges, optionals
+
+In addition to the yaml files describing projects, the project factory accepts three additional sets of inputs:
+
+- the `data_defaults` variable allows specifying defaults for specific project attributes, which are only used if the attributes are not present in a project yaml
+- the `data_overrides` variable works similarly to defaults, but the values specified here take precedence over those in yaml files
+- the `data_merges` variable allows specifying additional values that are merged to sets of maps present in the yaml file, which are preserved
+
+Some examples on where to use each of the three sets are provided below.
## Example
```hcl
module "project-factory" {
source = "./fabric/blueprints/factories/project-factory"
+ # use a default billing account if none is specified via yaml
data_defaults = {
billing_account = "012345-67890A-ABCDEF"
}
+ # make sure the environment label and stackdriver service are always added
data_merges = {
labels = {
environment = "test"
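Review bot: the `data_merges` bullet ("merged to sets of maps present in the yaml file, which are preserved") is hard to parse and probably means "sets or maps". Something like "additional values that are merged with the sets or maps already present in the yaml file, without replacing them" would read more clearly. The three bullets should also list which project attributes each variable supports, because the `org_policies` attribute introduced by this same patch is not handled by any of the three. Finally, the paragraph about network-related resources is removed without replacement; confirm that is intentional.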
@@ -37,17 +47,19 @@ module "project-factory" {
"stackdriver.googleapis.com"
]
}
+ # always use this contaxt and prefix, regardless of what is in the yaml file
data_overrides = {
contacts = {
"admin@example.com" = ["ALL"]
}
prefix = "test-pf"
}
+ # location where the yaml files are read from
factory_data = {
data_path = "data"
}
}
-# tftest modules=6 resources=12 files=prj-app-1,prj-app-2 inventory=example.yaml
+# tftest modules=6 resources=14 files=prj-app-1,prj-app-2
```
```yaml
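Review bot: typo in the added comment above `data_overrides`: "contaxt" should be "contacts", matching the `contacts` key it describes. Separately, the `tftest` directive drops `inventory=example.yaml` while raising `resources` from 12 to 14, so the example is now checked by counts only. Keeping an inventory that asserts on the two new org policy resources would catch a regression that a bare count would miss.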
@@ -75,6 +87,13 @@ labels:
parent: folders/12345678
service_accounts:
app-2-be: {}
+org_policies:
+ compute.disableGuestAttributesAccess:
+ rules:
+ - enforce: false
+ iam.disableServiceAccountKeyCreation:
+ rules:
+ - enforce: false
# tftest-file id=prj-app-2 path=data/prj-app-2.yaml
```
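Review bot: the only `org_policies` example in this README sets `enforce: false` on `compute.disableGuestAttributesAccess` and `iam.disableServiceAccountKeyCreation`, which relaxes both constraints for `prj-app-2`. README snippets get copied as-is, so either show a rule that enforces a constraint, or add a yaml comment stating that this is a deliberate per-project exception and why. A sentence in the README body on who is expected to approve such exceptions in the project yaml would also help.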
diff --git a/blueprints/factories/project-factory/factory.tf b/blueprints/factories/project-factory/factory.tf
index 0390b0558..da34dccaf 100644
--- a/blueprints/factories/project-factory/factory.tf
+++ b/blueprints/factories/project-factory/factory.tf
@@ -46,6 +46,7 @@ locals {
try(v.metric_scopes, null),
var.data_defaults.metric_scopes
)
+ org_policies = try(v.org_policies, {})
parent = coalesce(
var.data_overrides.parent,
try(v.parent, null),
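Review bot: `org_policies = try(v.org_policies, {})` only falls back to `{}` when the key is missing, so a yaml file with a bare `org_policies:` key yields `null` here. Check that the downstream project module tolerates `null`, or normalise it at this point. Unlike `metric_scopes` and `parent` in the same hunk, the value also bypasses `var.data_defaults` and `var.data_overrides`, so whoever edits a project yaml has the final say on that project's org policies. If that is the intended trust model, document it; if not, route the attribute through the overrides like its neighbours.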
diff --git a/blueprints/factories/project-factory/main.tf b/blueprints/factories/project-factory/main.tf
index 9a230063c..eb8833a47 100644
--- a/blueprints/factories/project-factory/main.tf
+++ b/blueprints/factories/project-factory/main.tf
@@ -43,6 +43,7 @@ module "projects" {
metric_scopes = distinct(concat(
each.value.metric_scopes, var.data_merges.metric_scopes
))
+ org_policies = each.value.org_policies
service_encryption_key_ids = merge(
each.value.service_encryption_key_ids,
var.data_merges.service_encryption_key_ids
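Review bot: `org_policies = each.value.org_policies` is passed through unchanged, while `metric_scopes` above and `service_encryption_key_ids` below are combined with `var.data_merges`. The README in this patch presents `data_merges` as the way to make sure values are always added, so a reader will expect a baseline set of policies to be mergeable too. Either add a `var.data_merges.org_policies` merge here or note in the README that org policies come only from the yaml file.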
diff --git a/blueprints/gke/multitenant-fleet/README.md b/blueprints/gke/multitenant-fleet/README.md
index ed89a878b..0763c6231 100644
--- a/blueprints/gke/multitenant-fleet/README.md
+++ b/blueprints/gke/multitenant-fleet/README.md
@@ -246,9 +246,9 @@ module "gke" {
|---|---|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account ID. | string | ✓ | |
| [folder_id](variables.tf#L154) | Folder used for the GKE project in folders/nnnnnnnnnnn format. | string | ✓ | |
-| [prefix](variables.tf#L205) | Prefix used for resource names. | string | ✓ | |
-| [project_id](variables.tf#L214) | ID of the project that will contain all the clusters. | string | ✓ | |
-| [vpc_config](variables.tf#L226) | Shared VPC project and VPC details. | object({…}) | ✓ | |
+| [prefix](variables.tf#L204) | Prefix used for resource names. | string | ✓ | |
+| [project_id](variables.tf#L213) | ID of the project that will contain all the clusters. | string | ✓ | |
+| [vpc_config](variables.tf#L225) | Shared VPC project and VPC details. | object({…}) | ✓ | |
| [clusters](variables.tf#L22) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} |
| [fleet_configmanagement_clusters](variables.tf#L92) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} |
| [fleet_configmanagement_templates](variables.tf#L99) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} |
@@ -257,8 +257,8 @@ module "gke" {
| [group_iam](variables.tf#L159) | Project-level IAM bindings for groups. Use group emails as keys, list of roles as values. | map(list(string)) | | {} |
| [iam](variables.tf#L166) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| [labels](variables.tf#L173) | Project-level labels. | map(string) | | {} |
-| [nodepools](variables.tf#L179) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} |
-| [project_services](variables.tf#L219) | Additional project services to enable. | list(string) | | [] |
+| [nodepools](variables.tf#L179) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} |
+| [project_services](variables.tf#L218) | Additional project services to enable. | list(string) | | [] |
## Outputs
diff --git a/blueprints/gke/multitenant-fleet/variables.tf b/blueprints/gke/multitenant-fleet/variables.tf
index 5d34440f9..7117d4565 100644
--- a/blueprints/gke/multitenant-fleet/variables.tf
+++ b/blueprints/gke/multitenant-fleet/variables.tf
@@ -192,8 +192,7 @@ variable "nodepools" {
service_account = optional(any)
sole_tenant_nodegroup = optional(string)
tags = optional(list(string))
- taints = optional(list(object({
- key = string
+ taints = optional(map(object({
value = string
effect = string
})))
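Review bot: changing `taints` from `list(object({ key, value, effect }))` to `map(object({ value, effect }))` is an incompatible input change, since callers that pass the list form will now fail type checking. The README hunk for this blueprint only updates line anchors, so nothing tells users that the taint key is now the map key. Please state that in the `nodepools` description and flag the change as incompatible in the changelog entry, as the changelog already does for other breaking changes.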
diff --git a/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf
+++ b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf b/blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf
+++ b/blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md
index a4eea93f9..2fd89640c 100644
--- a/blueprints/networking/decentralized-firewall/README.md
+++ b/blueprints/networking/decentralized-firewall/README.md
@@ -51,5 +51,5 @@ module "test" {
root_node = "organizations/0123456789"
}
-# tftest modules=9 resources=56
+# tftest modules=9 resources=54
```
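Review bot: the expected count drops from `resources=56` to `resources=54` with no change to the example inputs in this hunk, and the commit gives no indication of which two resources disappear. For a firewall blueprint it is worth confirming in the PR description that the missing resources are not firewall rules or policy bindings, and ideally pinning the example with an inventory file so the test asserts on what is created rather than how many. The same applies to the other README count changes in this patch.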
diff --git a/blueprints/networking/decentralized-firewall/versions.tf b/blueprints/networking/decentralized-firewall/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/decentralized-firewall/versions.tf
+++ b/blueprints/networking/decentralized-firewall/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/filtering-proxy-psc/README.md
index b3d90cefb..dd9f05858 100644
--- a/blueprints/networking/filtering-proxy-psc/README.md
+++ b/blueprints/networking/filtering-proxy-psc/README.md
@@ -40,5 +40,5 @@ module "test" {
}
project_id = "test-project"
}
-# tftest modules=13 resources=42
+# tftest modules=13 resources=41
```
diff --git a/blueprints/networking/filtering-proxy-psc/versions.tf b/blueprints/networking/filtering-proxy-psc/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/filtering-proxy-psc/versions.tf
+++ b/blueprints/networking/filtering-proxy-psc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/filtering-proxy/README.md b/blueprints/networking/filtering-proxy/README.md
index 5ed64067c..70dcf6df5 100644
--- a/blueprints/networking/filtering-proxy/README.md
+++ b/blueprints/networking/filtering-proxy/README.md
@@ -47,7 +47,7 @@ module "test1" {
prefix = "fabric"
root_node = "folders/123456789"
}
-# tftest modules=14 resources=39
+# tftest modules=14 resources=38
```
```hcl
@@ -58,5 +58,5 @@ module "test2" {
prefix = "fabric"
root_node = "folders/123456789"
}
-# tftest modules=12 resources=33
+# tftest modules=12 resources=32
```
diff --git a/blueprints/networking/filtering-proxy/versions.tf b/blueprints/networking/filtering-proxy/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/filtering-proxy/versions.tf
+++ b/blueprints/networking/filtering-proxy/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/hub-and-spoke-peering/versions.tf b/blueprints/networking/hub-and-spoke-peering/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/hub-and-spoke-peering/versions.tf
+++ b/blueprints/networking/hub-and-spoke-peering/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md
index d16a53fbb..d0f2d1f08 100644
--- a/blueprints/networking/hub-and-spoke-vpn/README.md
+++ b/blueprints/networking/hub-and-spoke-vpn/README.md
@@ -114,5 +114,5 @@ module "test" {
project_id = "project-1"
}
-# tftest modules=20 resources=84
+# tftest modules=20 resources=79
```
diff --git a/blueprints/networking/hub-and-spoke-vpn/versions.tf b/blueprints/networking/hub-and-spoke-vpn/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/hub-and-spoke-vpn/versions.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/ilb-next-hop/versions.tf b/blueprints/networking/ilb-next-hop/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/ilb-next-hop/versions.tf
+++ b/blueprints/networking/ilb-next-hop/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/private-cloud-function-from-onprem/README.md b/blueprints/networking/private-cloud-function-from-onprem/README.md
index 4bb9d4d98..4951454f9 100644
--- a/blueprints/networking/private-cloud-function-from-onprem/README.md
+++ b/blueprints/networking/private-cloud-function-from-onprem/README.md
@@ -45,5 +45,5 @@ module "test" {
}
project_id = "test-project"
}
-# tftest modules=11 resources=45
+# tftest modules=11 resources=44
```
diff --git a/blueprints/networking/private-cloud-function-from-onprem/versions.tf b/blueprints/networking/private-cloud-function-from-onprem/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/private-cloud-function-from-onprem/versions.tf
+++ b/blueprints/networking/private-cloud-function-from-onprem/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/networking/shared-vpc-gke/README.md b/blueprints/networking/shared-vpc-gke/README.md
index 6aac2855f..a60dea0c9 100644
--- a/blueprints/networking/shared-vpc-gke/README.md
+++ b/blueprints/networking/shared-vpc-gke/README.md
@@ -80,5 +80,5 @@ module "test" {
prefix = "test"
root_node = "organizations/0123456789"
}
-# tftest modules=11 resources=46
+# tftest modules=11 resources=45
```
diff --git a/blueprints/networking/shared-vpc-gke/versions.tf b/blueprints/networking/shared-vpc-gke/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/networking/shared-vpc-gke/versions.tf
+++ b/blueprints/networking/shared-vpc-gke/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/blueprints/serverless/cloud-run-corporate/README.md b/blueprints/serverless/cloud-run-corporate/README.md
index 5fabf182f..93f98c549 100644
--- a/blueprints/serverless/cloud-run-corporate/README.md
+++ b/blueprints/serverless/cloud-run-corporate/README.md
@@ -252,7 +252,7 @@ module "test" {
prj_onprem_id = "onprem-project-id"
}
-# tftest modules=15 resources=52
+# tftest modules=15 resources=50
```
```hcl
@@ -276,7 +276,7 @@ module "test" {
tf_identity = "user@example.org"
}
-# tftest modules=15 resources=38
+# tftest modules=15 resources=36
```
```hcl
@@ -295,5 +295,5 @@ module "test" {
custom_domain = "cloud-run-corporate.example.org"
}
-# tftest modules=14 resources=47
+# tftest modules=14 resources=45
```
diff --git a/blueprints/third-party-solutions/openshift/tf/versions.tf b/blueprints/third-party-solutions/openshift/tf/versions.tf
index 91a91a314..3963660f0 100644
--- a/blueprints/third-party-solutions/openshift/tf/versions.tf
+++ b/blueprints/third-party-solutions/openshift/tf/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/default-versions.tf b/default-versions.tf
index 91a91a314..3963660f0 100644
--- a/default-versions.tf
+++ b/default-versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/fast/stages/3-data-platform/dev/IAM.md b/fast/stages/3-data-platform/dev/IAM.md
index 70622c2e0..02a5df7a9 100644
--- a/fast/stages/3-data-platform/dev/IAM.md
+++ b/fast/stages/3-data-platform/dev/IAM.md
@@ -2,108 +2,88 @@
Legend: + additive, • conditional.
-## Project dev-data-cmn-0
+## Project cmn
| members | roles |
|---|---|
|gcp-data-analysts
group|[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer) |
|gcp-data-engineers
group|[roles/dlp.estimatesAdmin](https://cloud.google.com/iam/docs/understanding-roles#dlp.estimatesAdmin)
[roles/dlp.reader](https://cloud.google.com/iam/docs/understanding-roles#dlp.reader)
[roles/dlp.user](https://cloud.google.com/iam/docs/understanding-roles#dlp.user) |
|gcp-data-security
group|[roles/datacatalog.admin](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.admin)
[roles/dlp.admin](https://cloud.google.com/iam/docs/understanding-roles#dlp.admin) |
-|dev-data-load-df-0
serviceAccount|[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/dlp.user](https://cloud.google.com/iam/docs/understanding-roles#dlp.user) |
-|dev-data-trf-bq-0
serviceAccount|[roles/datacatalog.categoryFineGrainedReader](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryFineGrainedReader)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer) |
-|dev-data-trf-df-0
serviceAccount|[roles/datacatalog.categoryFineGrainedReader](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryFineGrainedReader)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/dlp.user](https://cloud.google.com/iam/docs/understanding-roles#dlp.user) |
+|load-df
serviceAccount|[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/dlp.user](https://cloud.google.com/iam/docs/understanding-roles#dlp.user) |
+|trf-bq
serviceAccount|[roles/datacatalog.categoryFineGrainedReader](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryFineGrainedReader)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer) |
+|trf-df
serviceAccount|[roles/datacatalog.categoryFineGrainedReader](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryFineGrainedReader)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/dlp.user](https://cloud.google.com/iam/docs/understanding-roles#dlp.user) |
-## Project dev-data-dtl-0-0
+## Project drp
| members | roles |
|---|---|
-|gcp-data-analysts
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/bigquery.metadataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.metadataViewer)
[roles/bigquery.user](https://cloud.google.com/iam/docs/understanding-roles#bigquery.user)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
-|gcp-data-engineers
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) |
+|gcp-data-engineers
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/bigquery.user](https://cloud.google.com/iam/docs/understanding-roles#bigquery.user) |
+|drp-bq
serviceAccount|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor) |
+|drp-cs
serviceAccount|[roles/storage.objectCreator](https://cloud.google.com/iam/docs/understanding-roles#storage.objectCreator) |
+|drp-ps
serviceAccount|[roles/pubsub.publisher](https://cloud.google.com/iam/docs/understanding-roles#pubsub.publisher) |
+|load-df
serviceAccount|[roles/bigquery.user](https://cloud.google.com/iam/docs/understanding-roles#bigquery.user)
[roles/pubsub.subscriber](https://cloud.google.com/iam/docs/understanding-roles#pubsub.subscriber)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
+|orc-cmp
serviceAccount|[roles/pubsub.subscriber](https://cloud.google.com/iam/docs/understanding-roles#pubsub.subscriber)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
+
+## Project dwh-conf
+
+| members | roles |
+|---|---|
+|gcp-data-analysts
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
+|gcp-data-engineers
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +|
-|dev-data-load-df-0
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/storage.objectCreator](https://cloud.google.com/iam/docs/understanding-roles#storage.objectCreator) |
-|dev-data-trf-bq-0
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/datacatalog.categoryAdmin](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryAdmin) |
-|dev-data-trf-df-0
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner) |
+|trf-bq
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser) |
+|trf-df
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-## Project dev-data-dtl-1-0
+## Project dwh-cur
| members | roles |
|---|---|
-|gcp-data-analysts
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/bigquery.metadataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.metadataViewer)
[roles/bigquery.user](https://cloud.google.com/iam/docs/understanding-roles#bigquery.user)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
-|gcp-data-engineers
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) |
+|gcp-data-analysts
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
+|gcp-data-engineers
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +|
-|dev-data-load-df-0
serviceAccount|[roles/datacatalog.categoryAdmin](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryAdmin) |
-|dev-data-trf-bq-0
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser) |
-|dev-data-trf-df-0
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/storage.objectCreator](https://cloud.google.com/iam/docs/understanding-roles#storage.objectCreator)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
+|trf-bq
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser) |
+|trf-df
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-## Project dev-data-dtl-2-0
+## Project dwh-lnd
| members | roles |
|---|---|
-|gcp-data-analysts
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/bigquery.metadataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.metadataViewer)
[roles/bigquery.user](https://cloud.google.com/iam/docs/understanding-roles#bigquery.user)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
-|gcp-data-engineers
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) |
+|gcp-data-engineers
group|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +|
-|dev-data-load-df-0
serviceAccount|[roles/datacatalog.categoryAdmin](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryAdmin) |
-|dev-data-trf-bq-0
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser) |
-|dev-data-trf-df-0
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/storage.objectCreator](https://cloud.google.com/iam/docs/understanding-roles#storage.objectCreator)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
+|load-df
serviceAccount|[roles/bigquery.dataOwner](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataOwner)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/storage.objectCreator](https://cloud.google.com/iam/docs/understanding-roles#storage.objectCreator) |
+|trf-bq
serviceAccount|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer)
[roles/datacatalog.categoryAdmin](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.categoryAdmin) |
+|trf-df
serviceAccount|[roles/bigquery.dataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataViewer) |
-## Project dev-data-dtl-plg-0
+## Project lod
| members | roles |
|---|---|
-|gcp-data-analysts
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/bigquery.metadataViewer](https://cloud.google.com/iam/docs/understanding-roles#bigquery.metadataViewer)
[roles/bigquery.user](https://cloud.google.com/iam/docs/understanding-roles#bigquery.user)
[roles/datacatalog.tagTemplateViewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.tagTemplateViewer)
[roles/datacatalog.viewer](https://cloud.google.com/iam/docs/understanding-roles#datacatalog.viewer)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-|gcp-data-engineers
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) |
-|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +|
-
-## Project dev-data-lnd-0
-
-| members | roles |
-|---|---|
-|gcp-data-engineers
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/pubsub.editor](https://cloud.google.com/iam/docs/understanding-roles#pubsub.editor)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin) |
-|dev-data-lnd-bq-0
serviceAccount|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor) |
-|dev-data-lnd-cs-0
serviceAccount|[roles/storage.objectCreator](https://cloud.google.com/iam/docs/understanding-roles#storage.objectCreator) |
-|dev-data-lnd-ps-0
serviceAccount|[roles/pubsub.publisher](https://cloud.google.com/iam/docs/understanding-roles#pubsub.publisher) |
-|dev-data-load-df-0
serviceAccount|[roles/bigquery.user](https://cloud.google.com/iam/docs/understanding-roles#bigquery.user)
[roles/pubsub.subscriber](https://cloud.google.com/iam/docs/understanding-roles#pubsub.subscriber)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-|dev-data-orc-cmp-0
serviceAccount|[roles/pubsub.subscriber](https://cloud.google.com/iam/docs/understanding-roles#pubsub.subscriber)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
-
-## Project dev-data-lod-0
-
-| members | roles |
-|---|---|
-|gcp-data-engineers
group|[roles/compute.viewer](https://cloud.google.com/iam/docs/understanding-roles#compute.viewer)
[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin)
[roles/dataflow.developer](https://cloud.google.com/iam/docs/understanding-roles#dataflow.developer)
[roles/viewer](https://cloud.google.com/iam/docs/understanding-roles#viewer) |
+|gcp-data-engineers
group|[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin)
[roles/dataflow.developer](https://cloud.google.com/iam/docs/understanding-roles#dataflow.developer) |
|SERVICE_IDENTITY_dataflow-service-producer-prod
serviceAccount|[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +|
-|dev-data-load-df-0
serviceAccount|[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin)
[roles/dataflow.worker](https://cloud.google.com/iam/docs/understanding-roles#dataflow.worker)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-|dev-data-orc-cmp-0
serviceAccount|[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin) |
+|load-df
serviceAccount|[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin)
[roles/dataflow.worker](https://cloud.google.com/iam/docs/understanding-roles#dataflow.worker)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
+|orc-cmp
serviceAccount|[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin) |
-## Project dev-data-orc-0
+## Project orc
| members | roles |
|---|---|
-|gcp-data-engineers
group|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/cloudbuild.builds.editor](https://cloud.google.com/iam/docs/understanding-roles#cloudbuild.builds.editor)
[roles/composer.admin](https://cloud.google.com/iam/docs/understanding-roles#composer.admin)
[roles/composer.environmentAndStorageObjectAdmin](https://cloud.google.com/iam/docs/understanding-roles#composer.environmentAndStorageObjectAdmin)
[roles/iam.serviceAccountUser](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountUser)
[roles/iap.httpsResourceAccessor](https://cloud.google.com/iam/docs/understanding-roles#iap.httpsResourceAccessor)
[roles/storage.admin](https://cloud.google.com/iam/docs/understanding-roles#storage.admin)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-|SERVICE_IDENTITY_cloudcomposer-accounts
serviceAccount|[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
+|gcp-data-engineers
group|[roles/artifactregistry.admin](https://cloud.google.com/iam/docs/understanding-roles#artifactregistry.admin)
[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/cloudbuild.builds.editor](https://cloud.google.com/iam/docs/understanding-roles#cloudbuild.builds.editor)
[roles/composer.admin](https://cloud.google.com/iam/docs/understanding-roles#composer.admin)
[roles/composer.environmentAndStorageObjectAdmin](https://cloud.google.com/iam/docs/understanding-roles#composer.environmentAndStorageObjectAdmin)
[roles/composer.user](https://cloud.google.com/iam/docs/understanding-roles#composer.user)
[roles/iam.serviceAccountUser](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountUser)
[roles/iap.httpsResourceAccessor](https://cloud.google.com/iam/docs/understanding-roles#iap.httpsResourceAccessor)
[roles/serviceusage.serviceUsageConsumer](https://cloud.google.com/iam/docs/understanding-roles#serviceusage.serviceUsageConsumer)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
+|SERVICE_IDENTITY_cloudcomposer-accounts
serviceAccount|[roles/composer.ServiceAgentV2Ext](https://cloud.google.com/iam/docs/understanding-roles#composer.ServiceAgentV2Ext)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
+|SERVICE_IDENTITY_gcp-sa-cloudbuild
serviceAccount|[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +|
-|dev-data-load-df-0
serviceAccount|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
-|dev-data-orc-cmp-0
serviceAccount|[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/composer.worker](https://cloud.google.com/iam/docs/understanding-roles#composer.worker)
[roles/iam.serviceAccountUser](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountUser)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-|dev-data-trf-df-0
serviceAccount|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor) |
+|load-df
serviceAccount|[roles/artifactregistry.reader](https://cloud.google.com/iam/docs/understanding-roles#artifactregistry.reader)
[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor)
[roles/storage.objectViewer](https://cloud.google.com/iam/docs/understanding-roles#storage.objectViewer) |
+|orc-cmp
serviceAccount|[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/composer.worker](https://cloud.google.com/iam/docs/understanding-roles#composer.worker)
[roles/iam.serviceAccountUser](https://cloud.google.com/iam/docs/understanding-roles#iam.serviceAccountUser)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
+|orc-sa-df-build
serviceAccount|[roles/cloudbuild.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#cloudbuild.serviceAgent)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
+|trf-df
serviceAccount|[roles/bigquery.dataEditor](https://cloud.google.com/iam/docs/understanding-roles#bigquery.dataEditor) |
-## Project dev-data-trf-0
+## Project trf
| members | roles |
|---|---|
|gcp-data-engineers
group|[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser)
[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin) |
|SERVICE_IDENTITY_dataflow-service-producer-prod
serviceAccount|[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
|SERVICE_IDENTITY_service-networking
serviceAccount|[roles/servicenetworking.serviceAgent](https://cloud.google.com/iam/docs/understanding-roles#servicenetworking.serviceAgent) +|
-|dev-data-orc-cmp-0
serviceAccount|[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin) |
-|dev-data-trf-bq-0
serviceAccount|[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser) |
-|dev-data-trf-df-0
serviceAccount|[roles/dataflow.worker](https://cloud.google.com/iam/docs/understanding-roles#dataflow.worker)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
-
-## Project dev-net-spoke-0
-
-| members | roles |
-|---|---|
-|PROJECT_CLOUD_SERVICES
serviceAccount|[roles/compute.networkUser](https://cloud.google.com/iam/docs/understanding-roles#compute.networkUser) +|
-|SERVICE_IDENTITY_cloudcomposer-accounts
serviceAccount|[roles/composer.sharedVpcAgent](https://cloud.google.com/iam/docs/understanding-roles#composer.sharedVpcAgent) +|
-|SERVICE_IDENTITY_container-engine-robot
serviceAccount|[roles/compute.networkUser](https://cloud.google.com/iam/docs/understanding-roles#compute.networkUser) +
[roles/container.hostServiceAgentUser](https://cloud.google.com/iam/docs/understanding-roles#container.hostServiceAgentUser) +|
-|SERVICE_IDENTITY_dataflow-service-producer-prod
serviceAccount|[roles/compute.networkUser](https://cloud.google.com/iam/docs/understanding-roles#compute.networkUser) +
[roles/compute.networkUser](https://cloud.google.com/iam/docs/understanding-roles#compute.networkUser) +
[roles/compute.networkUser](https://cloud.google.com/iam/docs/understanding-roles#compute.networkUser) +
[roles/container.hostServiceAgentUser](https://cloud.google.com/iam/docs/understanding-roles#container.hostServiceAgentUser) +|
-|dev-data-load-df-0
serviceAccount|[roles/compute.networkUser](https://cloud.google.com/iam/docs/understanding-roles#compute.networkUser) +|
-|dev-data-trf-df-0
serviceAccount|[roles/compute.networkUser](https://cloud.google.com/iam/docs/understanding-roles#compute.networkUser) +|
+|orc-cmp
serviceAccount|[roles/dataflow.admin](https://cloud.google.com/iam/docs/understanding-roles#dataflow.admin) |
+|trf-bq
serviceAccount|[roles/bigquery.jobUser](https://cloud.google.com/iam/docs/understanding-roles#bigquery.jobUser) |
+|trf-df
serviceAccount|[roles/dataflow.worker](https://cloud.google.com/iam/docs/understanding-roles#dataflow.worker)
[roles/storage.objectAdmin](https://cloud.google.com/iam/docs/understanding-roles#storage.objectAdmin) |
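Review bot: The added `gcp-data-engineers` row under "Project orc" gains `roles/artifactregistry.admin` and `roles/serviceusage.serviceUsageConsumer` on top of `roles/composer.admin` and `roles/iam.serviceAccountUser`, and nothing in this file says why a human group needs admin on Artifact Registry. If the group only needs to push images, a narrower role such as `roles/artifactregistry.writer` would be enough; otherwise state in the PR description what requires admin. Separately, the "Project dev-net-spoke-0" table is removed with no replacement among the added lines, so the `roles/compute.networkUser` grants on the Shared VPC host are no longer documented here. If those bindings are still created, keep a section for them.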
diff --git a/fast/stages/3-data-platform/dev/README.md b/fast/stages/3-data-platform/dev/README.md
index 6641e27b3..397f2d20f 100644
--- a/fast/stages/3-data-platform/dev/README.md
+++ b/fast/stages/3-data-platform/dev/README.md
@@ -185,22 +185,23 @@ You can find examples in the `[demo](../../../../blueprints/data-solutions/data-
|---|---|:---:|:---:|:---:|:---:|
| [automation](variables.tf#L17) | Automation resources created by the bootstrap stage. | object({…}) | ✓ | | 0-bootstrap |
| [billing_account](variables.tf#L25) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
-| [folder_ids](variables.tf#L105) | Folder to be used for the networking resources in folders/nnnn format. | object({…}) | ✓ | | 1-resman |
-| [host_project_ids](variables.tf#L123) | Shared VPC project ids. | object({…}) | ✓ | | 2-networking |
-| [organization](variables.tf#L153) | Organization details. | object({…}) | ✓ | | 00-globals |
-| [prefix](variables.tf#L169) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string | ✓ | | 00-globals |
-| [composer_config](variables.tf#L38) | Cloud Composer configuration options. | object({…}) | | {…} | |
-| [data_catalog_tags](variables.tf#L85) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {…} | |
-| [data_force_destroy](variables.tf#L99) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | bool | | false | |
-| [groups](variables.tf#L113) | Groups. | map(string) | | {…} | |
-| [location](variables.tf#L131) | Location used for multi-regional resources. | string | | "eu" | |
-| [network_config_composer](variables.tf#L137) | Network configurations to use for Composer. | object({…}) | | {…} | |
-| [outputs_location](variables.tf#L163) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | |
-| [project_services](variables.tf#L179) | List of core services enabled on all projects. | list(string) | | […] | |
-| [region](variables.tf#L190) | Region used for regional resources. | string | | "europe-west1" | |
-| [service_encryption_keys](variables.tf#L196) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | |
-| [subnet_self_links](variables.tf#L208) | Shared VPC subnet self links. | object({…}) | | null | 2-networking |
-| [vpc_self_links](variables.tf#L217) | Shared VPC self links. | object({…}) | | null | 2-networking |
+| [folder_ids](variables.tf#L107) | Folder to be used for the networking resources in folders/nnnn format. | object({…}) | ✓ | | 1-resman |
+| [host_project_ids](variables.tf#L125) | Shared VPC project ids. | object({…}) | ✓ | | 2-networking |
+| [organization](variables.tf#L155) | Organization details. | object({…}) | ✓ | | 00-globals |
+| [prefix](variables.tf#L171) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | string | ✓ | | 00-globals |
+| [composer_config](variables.tf#L38) | Cloud Composer configuration options. | object({…}) | | {…} | |
+| [data_catalog_tags](variables.tf#L87) | List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {…} | |
+| [data_force_destroy](variables.tf#L101) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | bool | | false | |
+| [groups-dp](variables.tf#L115) | Data Platform groups. | map(string) | | {…} | |
+| [location](variables.tf#L133) | Location used for multi-regional resources. | string | | "eu" | |
+| [network_config_composer](variables.tf#L139) | Network configurations to use for Composer. | object({…}) | | {…} | |
+| [outputs_location](variables.tf#L165) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | |
+| [project_services](variables.tf#L181) | List of core services enabled on all projects. | list(string) | | […] | |
+| [project_suffix](variables.tf#L192) | Suffix used only for project ids. | string | | null | |
+| [region](variables.tf#L198) | Region used for regional resources. | string | | "europe-west1" | |
+| [service_encryption_keys](variables.tf#L204) | Cloud KMS to use to encrypt different services. Key location should match service region. | object({…}) | | null | |
+| [subnet_self_links](variables.tf#L216) | Shared VPC subnet self links. | object({…}) | | null | 2-networking |
+| [vpc_self_links](variables.tf#L225) | Shared VPC self links. | object({…}) | | null | 2-networking |
## Outputs
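Review bot: The re-added `data_catalog_tags` and `data_force_destroy` rows still carry the typos "IAM binging" and "BigQery". Since both rows are rewritten in this hunk anyway, correct the descriptions to "IAM binding" and "BigQuery", in variables.tf as well if this table mirrors it.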
diff --git a/fast/stages/3-data-platform/dev/main.tf b/fast/stages/3-data-platform/dev/main.tf
index 6e699837b..25dfe24aa 100644
--- a/fast/stages/3-data-platform/dev/main.tf
+++ b/fast/stages/3-data-platform/dev/main.tf
@@ -25,7 +25,7 @@ module "data-platform" {
billing_account_id = var.billing_account.id
parent = var.folder_ids.data-platform-dev
}
- groups = var.groups
+ groups = var.groups-dp
location = var.location
network_config = {
host_project = var.host_project_ids.dev-spoke-0
@@ -46,9 +46,9 @@ module "data-platform" {
}
}
organization_domain = var.organization.domain
- prefix = "${var.prefix}-dev-dt"
+ prefix = "${var.prefix}-dev-dp"
project_services = var.project_services
- project_suffix = "0"
+ project_suffix = var.project_suffix
region = var.region
service_encryption_keys = var.service_encryption_keys
}
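Review bot: Changing `prefix` from `"${var.prefix}-dev-dt"` to `"${var.prefix}-dev-dp"` and `project_suffix` from `"0"` to `var.project_suffix` alters the names passed to the module for anyone who has already applied this stage, which Terraform will treat as new resources rather than an in-place update. Either keep the old values as defaults or call this out as an incompatible change with a migration note, since the affected resources hold data.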
diff --git a/fast/stages/3-data-platform/dev/variables.tf b/fast/stages/3-data-platform/dev/variables.tf
index 940c12b68..ef28fb27f 100644
--- a/fast/stages/3-data-platform/dev/variables.tf
+++ b/fast/stages/3-data-platform/dev/variables.tf
@@ -41,10 +41,11 @@ variable "composer_config" {
disable_deployment = optional(bool)
environment_size = string
software_config = object({
- airflow_config_overrides = optional(any)
- pypi_packages = optional(any)
- env_variables = optional(map(string))
- image_version = string
+ airflow_config_overrides = optional(any)
+ pypi_packages = optional(any)
+ env_variables = optional(map(string))
+ image_version = string
+ cloud_data_lineage_integration = optional(bool, true)
})
workloads_config = object({
scheduler = object(
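Review bot: `cloud_data_lineage_integration = optional(bool, true)` means a caller who already sets `software_config` without this attribute gets lineage integration switched on at the next apply. Consider `optional(bool)` with the value set only in the variable's `default` block, or mention the new default in the changelog so the behaviour change is not silent.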
@@ -76,7 +77,8 @@ variable "composer_config" {
default = {
environment_size = "ENVIRONMENT_SIZE_SMALL"
software_config = {
- image_version = "composer-2-airflow-2"
+ image_version = "composer-2-airflow-2"
+ cloud_data_lineage_integration = true
}
workloads_config = null
}
@@ -110,8 +112,8 @@ variable "folder_ids" {
})
}
-variable "groups" {
- description = "Groups."
+variable "groups-dp" {
+ description = "Data Platform groups."
type = map(string)
default = {
data-analysts = "gcp-data-analysts"
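Review bot: `groups-dp` is the only hyphenated variable name in this file (`folder_ids`, `project_suffix`, `composer_config` all use underscores), and renaming `groups` breaks any existing tfvars that set it. Prefer `groups_dp`, and note the rename as an incompatible change.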
@@ -187,6 +189,12 @@ variable "project_services" {
]
}
+variable "project_suffix" {
+ description = "Suffix used only for project ids."
+ type = string
+ default = null
+}
+
variable "region" {
description = "Region used for regional resources."
type = string
diff --git a/fast/stages/3-gke-multitenant/dev/README.md b/fast/stages/3-gke-multitenant/dev/README.md
index db125648b..9b231c59c 100644
--- a/fast/stages/3-gke-multitenant/dev/README.md
+++ b/fast/stages/3-gke-multitenant/dev/README.md
@@ -165,8 +165,8 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
| [billing_account](variables.tf#L29) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
| [folder_ids](variables.tf#L174) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | object({…}) | ✓ | | 1-resman |
| [host_project_ids](variables.tf#L189) | Host project for the shared VPC. | object({…}) | ✓ | | 2-networking |
-| [prefix](variables.tf#L242) | Prefix used for resources that need unique names. | string | ✓ | | |
-| [vpc_self_links](variables.tf#L258) | Self link for the shared VPC. | object({…}) | ✓ | | 2-networking |
+| [prefix](variables.tf#L241) | Prefix used for resources that need unique names. | string | ✓ | | |
+| [vpc_self_links](variables.tf#L257) | Self link for the shared VPC. | object({…}) | ✓ | | 2-networking |
| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster-standard module for type details. | map(object({…})) | | {} | |
| [fleet_configmanagement_clusters](variables.tf#L111) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} | |
| [fleet_configmanagement_templates](variables.tf#L119) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} | |
@@ -175,9 +175,9 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
| [group_iam](variables.tf#L182) | Project-level authoritative IAM bindings for groups in {GROUP_EMAIL => [ROLES]} format. Use group emails as keys, list of roles as values. | map(list(string)) | | {} | |
| [iam](variables.tf#L197) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | |
| [labels](variables.tf#L204) | Project-level labels. | map(string) | | {} | |
-| [nodepools](variables.tf#L210) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | |
-| [outputs_location](variables.tf#L236) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | |
-| [project_services](variables.tf#L251) | Additional project services to enable. | list(string) | | [] | |
+| [nodepools](variables.tf#L210) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | |
+| [outputs_location](variables.tf#L235) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | |
+| [project_services](variables.tf#L250) | Additional project services to enable. | list(string) | | [] | |
## Outputs
diff --git a/fast/stages/3-gke-multitenant/dev/variables.tf b/fast/stages/3-gke-multitenant/dev/variables.tf
index 831f828b3..50dff44a6 100644
--- a/fast/stages/3-gke-multitenant/dev/variables.tf
+++ b/fast/stages/3-gke-multitenant/dev/variables.tf
@@ -223,8 +223,7 @@ variable "nodepools" {
service_account = optional(any)
sole_tenant_nodegroup = optional(string)
tags = optional(list(string))
- taints = optional(list(object({
- key = string
+ taints = optional(map(object({
value = string
effect = string
})))
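Review bot: `taints` changes from a list of objects with `key` to `optional(map(object({ value, effect })))`, so existing callers that pass a list will fail type checking. The hunk gives no hint that the map key is now the taint key; add that to the variable description and flag the change as incompatible in the changelog.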
diff --git a/fast/stages/CLEANUP.md b/fast/stages/CLEANUP.md
index 83ad251cd..f00580753 100644
--- a/fast/stages/CLEANUP.md
+++ b/fast/stages/CLEANUP.md
@@ -26,6 +26,25 @@ done
terraform destroy
```
+## Stage 3 (Data Platform)
+
+Terraform refuses to delete non-empty GCS buckets and BigQuery datasets, so they need to be removed manually from the state.
+
+```bash
+cd $FAST_PWD/3-data-platform/dev/
+
+# remove GCS buckets and BQ dataset manually. Projects will be destroyed anyway
+for x in $(terraform state list | grep google_storage_bucket.bucket); do
+ terraform state rm "$x";
+done
+
+for x in $(terraform state list | grep google_bigquery_dataset); do
+ terraform state rm "$x";
+done
+
+terraform destroy
+```
+
## Stage 2 (Security)
```bash
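Review bot: The comment "remove GCS buckets and BQ dataset manually. Projects will be destroyed anyway" describes `terraform state rm`, which only drops the resources from state and leaves the buckets and datasets, with their data, in place. That is safe only when the stage also owns the projects; where the projects are not managed by this stage the data is left behind unmanaged. Please say so in the text above the block, and reword the intro sentence, which currently reads as if the resources themselves are removed. Minor: quote `"$FAST_PWD"` and escape the dot in `grep google_storage_bucket.bucket`.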
diff --git a/modules/README.md b/modules/README.md
index 82ae57805..44df93beb 100644
--- a/modules/README.md
+++ b/modules/README.md
@@ -74,7 +74,7 @@ These modules are used in the examples included in this repository. If you are u
## Data
-- [AlloyDB instance](./alloydb-instance)
+
- [BigQuery dataset](./bigquery-dataset)
- [Bigtable instance](./bigtable-instance)
- [Dataplex](./dataplex)
diff --git a/modules/alloydb-instance/README.md b/modules/__experimental/alloydb-instance/README.md
similarity index 99%
rename from modules/alloydb-instance/README.md
rename to modules/__experimental/alloydb-instance/README.md
index 1e2413115..ff576f39f 100644
--- a/modules/alloydb-instance/README.md
+++ b/modules/__experimental/alloydb-instance/README.md
@@ -51,7 +51,7 @@ module "alloydb" {
}
-# tftest modules=1 resources=7
+# tftest skip
```
## TODO
- [ ] Add IAM support
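Review bot: Replacing `# tftest modules=1 resources=7` with `# tftest skip` removes the only test coverage for this example in the same change that moves the module to `__experimental`. Add a short reason next to the skip or a TODO entry below, so it is clear what has to be fixed before the test can be re-enabled.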
@@ -86,3 +86,4 @@ module "alloydb" {
| [read_pool_instance_ids](outputs.tf#L38) | IDs of the read instances created. | |
+
diff --git a/modules/alloydb-instance/main.tf b/modules/__experimental/alloydb-instance/main.tf
similarity index 100%
rename from modules/alloydb-instance/main.tf
rename to modules/__experimental/alloydb-instance/main.tf
diff --git a/modules/alloydb-instance/outputs.tf b/modules/__experimental/alloydb-instance/outputs.tf
similarity index 100%
rename from modules/alloydb-instance/outputs.tf
rename to modules/__experimental/alloydb-instance/outputs.tf
diff --git a/modules/alloydb-instance/variables.tf b/modules/__experimental/alloydb-instance/variables.tf
similarity index 100%
rename from modules/alloydb-instance/variables.tf
rename to modules/__experimental/alloydb-instance/variables.tf
diff --git a/modules/alloydb-instance/versions.tf b/modules/__experimental/alloydb-instance/versions.tf
similarity index 91%
rename from modules/alloydb-instance/versions.tf
rename to modules/__experimental/alloydb-instance/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/alloydb-instance/versions.tf
+++ b/modules/__experimental/alloydb-instance/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
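Review bot: `version = ">= 5.0.0"` has no upper bound for either `google` or `google-beta`, so the next major provider release will be accepted without review. Consider `>= 5.0.0, < 6.0.0`. The jump from `>= 4.82.0` also drops 4.x for every consumer of the module, which deserves an "incompatible change" marker in the changelog. The same applies to the identical versions.tf hunks in the other modules.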
diff --git a/modules/__experimental/net-neg/versions.tf b/modules/__experimental/net-neg/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/__experimental/net-neg/versions.tf
+++ b/modules/__experimental/net-neg/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/api-gateway/versions.tf
+++ b/modules/api-gateway/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/apigee/versions.tf
+++ b/modules/apigee/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/artifact-registry/versions.tf
+++ b/modules/artifact-registry/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/bigquery-dataset/README.md b/modules/bigquery-dataset/README.md
index 48bc50a5c..944dee998 100644
--- a/modules/bigquery-dataset/README.md
+++ b/modules/bigquery-dataset/README.md
@@ -117,6 +117,7 @@ module "bigquery-authorized-authorized-routine-dataset-public" {
}
resource "google_bigquery_routine" "public-routine" {
+ project = "private_project"
dataset_id = module.bigquery-authorized-authorized-routine-dataset-public.dataset_id
routine_id = "auth_routine"
routine_type = "TABLE_VALUED_FUNCTION"
@@ -280,7 +281,7 @@ module "bigquery-dataset" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [id](variables.tf#L98) | Dataset id. | string | ✓ | |
-| [project_id](variables.tf#L128) | Id of the project where datasets will be created. | string | ✓ | |
+| [project_id](variables.tf#L129) | Id of the project where datasets will be created. | string | ✓ | |
| [access](variables.tf#L17) | Map of access rules with role and identity type. Keys are arbitrary and must match those in the `access_identities` variable, types are `domain`, `group`, `special_group`, `user`, `view`. | map(object({…})) | | {} |
| [access_identities](variables.tf#L33) | Map of access identities used for basic access roles. View identities have the format 'project_id\|dataset_id\|table_id'. | map(string) | | {} |
| [authorized_datasets](variables.tf#L39) | An array of datasets to be authorized on the dataset. | list(object({…})) | | [] |
@@ -293,9 +294,9 @@ module "bigquery-dataset" {
| [iam](variables.tf#L92) | IAM bindings in {ROLE => [MEMBERS]} format. Mutually exclusive with the access_* variables used for basic roles. | map(list(string)) | | {} |
| [labels](variables.tf#L103) | Dataset labels. | map(string) | | {} |
| [location](variables.tf#L109) | Dataset location. | string | | "EU" |
-| [options](variables.tf#L115) | Dataset options. | object({…}) | | {} |
-| [tables](variables.tf#L133) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | map(object({…})) | | {} |
-| [views](variables.tf#L162) | View definitions. | map(object({…})) | | {} |
+| [options](variables.tf#L115) | Dataset options. | object({…}) | | {} |
+| [tables](variables.tf#L134) | Table definitions. Options and partitioning default to null. Partitioning can only use `range` or `time`, set the unused one to null. | map(object({…})) | | {} |
+| [views](variables.tf#L163) | View definitions. | map(object({…})) | | {} |
## Outputs
diff --git a/modules/bigquery-dataset/main.tf b/modules/bigquery-dataset/main.tf
index fafd75f48..107cda201 100644
--- a/modules/bigquery-dataset/main.tf
+++ b/modules/bigquery-dataset/main.tf
@@ -53,6 +53,7 @@ resource "google_bigquery_dataset" "default" {
default_partition_expiration_ms = var.options.default_partition_expiration_ms
is_case_insensitive = var.options.is_case_insensitive
max_time_travel_hours = var.options.max_time_travel_hours
+ storage_billing_model = var.options.storage_billing_model
dynamic "access" {
for_each = var.dataset_access ? local.access_domain : {}
content {
diff --git a/modules/bigquery-dataset/variables.tf b/modules/bigquery-dataset/variables.tf
index cb13effa8..1ecc5f4a4 100644
--- a/modules/bigquery-dataset/variables.tf
+++ b/modules/bigquery-dataset/variables.tf
@@ -121,6 +121,7 @@ variable "options" {
delete_contents_on_destroy = optional(bool, false)
is_case_insensitive = optional(bool)
max_time_travel_hours = optional(number, 168)
+ storage_billing_model = optional(string)
})
default = {}
}
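Review bot: `storage_billing_model = optional(string)` accepts any string, and `main.tf` passes it straight through to `google_bigquery_dataset`, so a typo only surfaces as an API error at apply time. Add a `validation` block listing the accepted values (the `taints` variable in this same patch does that for `effect`) and extend the `options` row in the README, which still reads only "Dataset options."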
diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/bigquery-dataset/versions.tf
+++ b/modules/bigquery-dataset/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
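Review bot: raising the floor for both `google` and `google-beta` from `>= 4.82.0` to `>= 5.0.0` is a major-version change, so any caller still pinned to a 4.x provider will fail at `terraform init` once this lands. The same two-line edit repeats in every module's `versions.tf` in this patch; it deserves an explicit incompatible-change entry and an upgrade note rather than riding along with the feature hunks.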
diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/bigtable-instance/versions.tf
+++ b/modules/bigtable-instance/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/billing-budget/versions.tf b/modules/billing-budget/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/billing-budget/versions.tf
+++ b/modules/billing-budget/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/binauthz/versions.tf
+++ b/modules/binauthz/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf
+++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/coredns/versions.tf
+++ b/modules/cloud-config-container/coredns/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/cos-generic-metadata/versions.tf
+++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/envoy-traffic-director/versions.tf
+++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/mysql/versions.tf
+++ b/modules/cloud-config-container/mysql/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/nginx-tls/versions.tf
+++ b/modules/cloud-config-container/nginx-tls/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/nginx/versions.tf
+++ b/modules/cloud-config-container/nginx/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/simple-nva/versions.tf
+++ b/modules/cloud-config-container/simple-nva/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-config-container/squid/versions.tf b/modules/cloud-config-container/squid/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-config-container/squid/versions.tf
+++ b/modules/cloud-config-container/squid/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-function-v1/versions.tf
+++ b/modules/cloud-function-v1/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-function-v2/versions.tf
+++ b/modules/cloud-function-v2/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-identity-group/versions.tf
+++ b/modules/cloud-identity-group/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloud-run/versions.tf
+++ b/modules/cloud-run/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/cloudsql-instance/versions.tf
+++ b/modules/cloudsql-instance/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/compute-mig/versions.tf
+++ b/modules/compute-mig/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/compute-vm/versions.tf
+++ b/modules/compute-vm/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/container-registry/versions.tf
+++ b/modules/container-registry/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/data-catalog-policy-tag/versions.tf
+++ b/modules/data-catalog-policy-tag/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/datafusion/versions.tf
+++ b/modules/datafusion/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/dataplex-datascan/versions.tf
+++ b/modules/dataplex-datascan/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/dataplex/versions.tf
+++ b/modules/dataplex/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/dataproc/versions.tf
+++ b/modules/dataproc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/dns-response-policy/versions.tf
+++ b/modules/dns-response-policy/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/dns/README.md b/modules/dns/README.md
index 5b293768e..11499326d 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -27,7 +27,7 @@ module "private-dns" {
"roles/dns.admin" = ["group:dns-administrators@myorg.com"]
}
}
-# tftest modules=1 resources=5 inventory=private-zone.yaml
+# tftest modules=1 resources=4 inventory=private-zone.yaml
```
### Forwarding Zone
@@ -45,7 +45,7 @@ module "private-dns" {
}
}
}
-# tftest modules=1 resources=2 inventory=forwarding-zone.yaml
+# tftest modules=1 resources=1 inventory=forwarding-zone.yaml
```
### Peering Zone
@@ -63,7 +63,7 @@ module "private-dns" {
}
}
}
-# tftest modules=1 resources=2 inventory=peering-zone.yaml
+# tftest modules=1 resources=1 inventory=peering-zone.yaml
```
### Routing Policies
@@ -99,7 +99,7 @@ module "private-dns" {
}
}
}
-# tftest modules=1 resources=5 inventory=routing-policies.yaml
+# tftest modules=1 resources=4 inventory=routing-policies.yaml
```
### Reverse Lookup Zone
@@ -116,7 +116,7 @@ module "private-dns" {
}
}
}
-# tftest modules=1 resources=2 inventory=reverse-zone.yaml
+# tftest modules=1 resources=1 inventory=reverse-zone.yaml
```
### Public Zone
@@ -137,7 +137,7 @@ module "public-dns" {
"roles/dns.admin" = ["group:dns-administrators@myorg.com"]
}
}
-# tftest modules=1 resources=4 inventory=public-zone.yaml
+# tftest modules=1 resources=3 inventory=public-zone.yaml
```
## Variables
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index 2c4c82303..5fec4f849 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -158,7 +158,9 @@ resource "google_dns_managed_zone_iam_binding" "iam_bindings" {
}
data "google_dns_keys" "dns_keys" {
+ count = try(var.zone_config.public.dnssec_config, null) != null ? 1 : 0
managed_zone = local.managed_zone.id
+ project = var.project_id
}
resource "google_dns_record_set" "dns_record_set" {
@@ -193,4 +195,4 @@ resource "google_dns_record_set" "dns_record_set" {
depends_on = [
google_dns_managed_zone.dns_managed_zone
]
-}
\ No newline at end of file
+}
diff --git a/modules/dns/outputs.tf b/modules/dns/outputs.tf
index f8297d8be..7493b4cf7 100644
--- a/modules/dns/outputs.tf
+++ b/modules/dns/outputs.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,7 +16,7 @@
output "dns_keys" {
description = "DNSKEY and DS records of DNSSEC-signed managed zones."
- value = data.google_dns_keys.dns_keys
+ value = try(data.google_dns_keys.dns_keys, null)
}
output "domain" {
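Review bot: in the `dns_keys` output, `data.google_dns_keys.dns_keys` is now a `count`-ed data source (see the `count = ... ? 1 : 0` added in `main.tf`), so the bare reference evaluates to a list of zero or one elements and never errors. The `try(..., null)` fallback therefore never fires and the output changes shape from an object to a list. Index it, for example `try(data.google_dns_keys.dns_keys[0], null)`, so consumers still receive the object or `null`.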
diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/dns/versions.tf
+++ b/modules/dns/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/endpoints/versions.tf
+++ b/modules/endpoints/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/folder/versions.tf
+++ b/modules/folder/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/gcs/versions.tf
+++ b/modules/gcs/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/gcve-private-cloud/versions.tf
+++ b/modules/gcve-private-cloud/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf
index 4ca8ee54a..e11609049 100644
--- a/modules/gke-cluster-autopilot/main.tf
+++ b/modules/gke-cluster-autopilot/main.tf
@@ -339,11 +339,7 @@ resource "google_compute_network_peering_routes_config" "gke_master" {
count = (
try(var.private_cluster_config.peering_config, null) != null ? 1 : 0
)
- project = (
- try(var.private_cluster_config.peering_config, null) == null
- ? var.project_id
- : var.private_cluster_config.peering_config.project_id
- )
+ project = coalesce(var.private_cluster_config.peering_config.project_id, var.project_id)
peering = try(
google_container_cluster.cluster.private_cluster_config.0.peering_name,
null
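Review bot: the new `project` line dereferences `var.private_cluster_config.peering_config.project_id` without the null guard the removed lines had, so it relies on `count` above being 0 whenever `peering_config` is null. That coupling is easy to break in a later edit of the `count` condition; `coalesce(try(var.private_cluster_config.peering_config.project_id, null), var.project_id)` keeps the expression safe on its own. A short comment saying that a null `project_id` now falls back to `var.project_id` would also help, since the removed expression did not do that.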
diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/gke-cluster-autopilot/versions.tf
+++ b/modules/gke-cluster-autopilot/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/gke-cluster-standard/main.tf b/modules/gke-cluster-standard/main.tf
index 622c2e431..2a6a4b8f7 100644
--- a/modules/gke-cluster-standard/main.tf
+++ b/modules/gke-cluster-standard/main.tf
@@ -432,11 +432,7 @@ resource "google_compute_network_peering_routes_config" "gke_master" {
count = (
try(var.private_cluster_config.peering_config, null) != null ? 1 : 0
)
- project = (
- try(var.private_cluster_config.peering_config, null) == null
- ? var.project_id
- : var.private_cluster_config.peering_config.project_id
- )
+ project = coalesce(var.private_cluster_config.peering_config.project_id, var.project_id)
peering = try(
google_container_cluster.cluster.private_cluster_config.0.peering_name,
null
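Review bot: as in the autopilot module, `coalesce(var.private_cluster_config.peering_config.project_id, var.project_id)` drops the `try` guard on `peering_config` and depends on the `count` expression just above to avoid a null dereference. Wrap the first argument in `try(..., null)` so the two lines can be changed independently, and break the long line to match the multi-line style used for `count` and `peering`.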
diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/gke-cluster-standard/versions.tf
+++ b/modules/gke-cluster-standard/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/gke-hub/versions.tf
+++ b/modules/gke-hub/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/gke-nodepool/README.md b/modules/gke-nodepool/README.md
index 6a66b2c7b..dbcc0cc40 100644
--- a/modules/gke-nodepool/README.md
+++ b/modules/gke-nodepool/README.md
@@ -104,7 +104,6 @@ module "cluster-1-nodepool-1" {
# tftest modules=1 resources=2 inventory=config.yaml
```
-
## Variables
| name | description | type | required | default |
@@ -126,7 +125,7 @@ module "cluster-1-nodepool-1" {
| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
| [sole_tenant_nodegroup](variables.tf#L175) | Sole tenant node group. | string | | null |
| [tags](variables.tf#L181) | Network tags applied to nodes. | list(string) | | null |
-| [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | list(object({…})) | | null |
+| [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | map(object({…})) | | {} |
## Outputs
@@ -136,5 +135,4 @@ module "cluster-1-nodepool-1" {
| [name](outputs.tf#L22) | Nodepool name. | |
| [service_account_email](outputs.tf#L27) | Service account email. | |
| [service_account_iam_email](outputs.tf#L32) | Service account email. | |
-
diff --git a/modules/gke-nodepool/main.tf b/modules/gke-nodepool/main.tf
index 9ae4cf284..78e1a2e3a 100644
--- a/modules/gke-nodepool/main.tf
+++ b/modules/gke-nodepool/main.tf
@@ -147,9 +147,6 @@ resource "google_container_node_pool" "nodepool" {
var.node_config.spot == true && var.node_config.preemptible != true
)
tags = var.tags
- taint = (
- var.taints == null ? [] : concat(var.taints, local.taints_windows)
- )
dynamic "ephemeral_storage_config" {
for_each = var.node_config.ephemeral_ssd_count != null ? [""] : []
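Review bot: the removed `taint` expression appended `local.taints_windows` to the user-supplied taints, and the `dynamic "taint"` block added further down iterates only `var.taints`, so the Windows taints are silently dropped by this change. Either merge the local into the `for_each` of the new block or, if the removal is intentional, say so in the commit message and delete the now-unused local.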
@@ -217,6 +214,14 @@ resource "google_container_node_pool" "nodepool" {
enable_integrity_monitoring = var.node_config.shielded_instance_config.enable_integrity_monitoring
}
}
+ dynamic "taint" {
+ for_each = var.taints
+ content {
+ key = taint.key
+ value = taint.value.value
+ effect = taint.effect
+ }
+ }
dynamic "workload_metadata_config" {
for_each = var.node_config.workload_metadata_config_mode != null ? [""] : []
content {
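Review bot: in the new `dynamic "taint"` block, `effect = taint.effect` is wrong: the iterator object exposes only `key` and `value`, so this fails as soon as `var.taints` is non-empty. It should read `effect = taint.value.effect`, matching `value = taint.value.value` on the line above. A test case with at least one taint set would have caught this.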
diff --git a/modules/gke-nodepool/variables.tf b/modules/gke-nodepool/variables.tf
index 1166c34f4..46f3f1d30 100644
--- a/modules/gke-nodepool/variables.tf
+++ b/modules/gke-nodepool/variables.tf
@@ -186,10 +186,17 @@ variable "tags" {
variable "taints" {
description = "Kubernetes taints applied to all nodes."
- type = list(object({
- key = string
+ type = map(object({
value = string
effect = string
}))
- default = null
+ nullable = false
+ default = {}
+ validation {
+ condition = alltrue([
+ for k, v in var.taints :
+ contains(["NO_SCHEDULE", "PREFER_NO_SCHEDULE", "NO_EXECUTE"], v.effect)
+ ])
+ error_message = "Invalid taint effect."
+ }
}
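Review bot: switching `taints` from `list(object)` to a `map(object)` keyed by the taint key means a node pool can no longer carry two taints that share a key but differ in `effect`, which the list form allowed. If that is acceptable, document it in the variable description; otherwise key the map by an arbitrary name and keep `key` as an attribute. This is also an incompatible input change for existing callers passing a list and should be flagged as such in the changelog.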
diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/gke-nodepool/versions.tf
+++ b/modules/gke-nodepool/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/iam-service-account/versions.tf
+++ b/modules/iam-service-account/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/kms/versions.tf
+++ b/modules/kms/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/logging-bucket/versions.tf
+++ b/modules/logging-bucket/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/ncc-spoke-ra/versions.tf
+++ b/modules/ncc-spoke-ra/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-address/versions.tf
+++ b/modules/net-address/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-cloudnat/versions.tf
+++ b/modules/net-cloudnat/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-firewall-policy/versions.tf
+++ b/modules/net-firewall-policy/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-ipsec-over-interconnect/versions.tf
+++ b/modules/net-ipsec-over-interconnect/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-app-ext/README.md b/modules/net-lb-app-ext/README.md
index 159d4c9f5..f404f105e 100644
--- a/modules/net-lb-app-ext/README.md
+++ b/modules/net-lb-app-ext/README.md
@@ -12,6 +12,7 @@ Due to the complexity of the underlying resources, changes to the configuration
- [Minimal HTTPS examples](#minimal-https-examples)
- [HTTP backends](#http-backends)
- [HTTPS backends](#https-backends)
+ - [HTTP to HTTPS redirect](#http-to-https-redirect)
- [Classic vs Non-classic](#classic-vs-non-classic)
- [Health Checks](#health-checks)
- [Backend Types and Management](#backend-types-and-management)
@@ -32,7 +33,6 @@ Due to the complexity of the underlying resources, changes to the configuration
- [Outputs](#outputs)
-
### Minimal HTTP Example
An HTTP load balancer with a backend service pointing to a GCE instance group:
@@ -123,6 +123,63 @@ module "glb-0" {
# tftest modules=1 resources=6
```
+#### HTTP to HTTPS redirect
+
+Redirect is implemented via an additional HTTP load balancer with a custom URL map, similarly to how it's done via the GCP Console. The address shared by the two load balancers needs to be reserved.
+
+```hcl
+module "addresses" {
+ source = "./fabric/modules/net-address"
+ project_id = "myprj"
+ global_addresses = ["glb-test-0"]
+}
+
+module "glb-test-0-redirect" {
+ source = "./fabric/modules/net-lb-app-ext"
+ project_id = "myprj"
+ name = "glb-test-0-redirect"
+ address = (
+ module.addresses.global_addresses["glb-test-0"].address
+ )
+ health_check_configs = {}
+ urlmap_config = {
+ description = "URL redirect for glb-test-0."
+ default_url_redirect = {
+ https = true
+ response_code = "MOVED_PERMANENTLY_DEFAULT"
+ }
+ }
+}
+
+module "glb-test-0" {
+ source = "./fabric/modules/net-lb-app-ext"
+ project_id = "myprj"
+ name = "glb-test-0"
+ use_classic_version = false
+ address = (
+ module.addresses.global_addresses["glb-test-0"].address
+ )
+ backend_service_configs = {
+ default = {
+ backends = [
+ { backend = "projects/myprj/zones/europe-west8-b/instanceGroups/myig-b" },
+ ]
+ protocol = "HTTP"
+ }
+ }
+ protocol = "HTTPS"
+ ssl_certificates = {
+ managed_configs = {
+ default = {
+ domains = ["glb-test.example.com"]
+ }
+ }
+ }
+}
+
+# tftest modules=3 resources=10
+```
+
### Classic vs Non-classic
The module uses a classic Global Load Balancer by default. To use the non-classic version set the `use_classic_version` variable to `false` as in the following example, note that the module is not enforcing feature sets between the two versions:
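Review bot: in the new redirect example, `glb-test-0-redirect` sets `health_check_configs = {}` and leaves `protocol` at its default without saying why, so a reader copying it cannot tell which of those lines are required for a redirect-only load balancer. Add a one-line comment on each (no backends, hence no health checks; the default `"HTTP"` protocol is what makes this the port-80 listener). The prose should also state that the redirect only takes effect because both modules reference the same reserved `glb-test-0` address.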
@@ -782,7 +839,6 @@ module "glb-0" {
-
## Files
| name | description | resources |
@@ -819,7 +875,7 @@ module "glb-0" {
| [ports](variables.tf#L187) | Optional ports for HTTP load balancer, valid ports are 80 and 8080. | list(string) | | null |
| [protocol](variables.tf#L198) | Protocol supported by this load balancer. | string | | "HTTP" |
| [ssl_certificates](variables.tf#L211) | SSL target proxy certificates (only if protocol is HTTPS) for existing, custom, and managed certificates. | object({…}) | | {} |
-| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | object({…}) | | {…} |
+| [urlmap_config](variables-urlmap.tf#L19) | The URL map configuration. | object({…}) | | {…} |
| [use_classic_version](variables.tf#L228) | Use classic Global Load Balancer. | bool | | true |
## Outputs
@@ -834,5 +890,4 @@ module "glb-0" {
| [health_check_ids](outputs.tf#L48) | Autogenerated health check ids. | |
| [id](outputs.tf#L55) | Fully qualified forwarding rule id. | |
| [neg_ids](outputs.tf#L60) | Autogenerated network endpoint group ids. | |
-
diff --git a/modules/net-lb-app-ext/variables-urlmap.tf b/modules/net-lb-app-ext/variables-urlmap.tf
index e4b72dfec..8cf7d7ec2 100644
--- a/modules/net-lb-app-ext/variables-urlmap.tf
+++ b/modules/net-lb-app-ext/variables-urlmap.tf
@@ -83,7 +83,7 @@ variable "urlmap_config" {
path = optional(string)
prefix = optional(string)
response_code = optional(string)
- strip_query = optional(bool)
+ strip_query = optional(bool, false)
}))
header_action = optional(object({
request_add = optional(map(object({
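Review bot: `strip_query = optional(bool, false)` is applied to this one redirect object only. If other redirect objects inside `urlmap_config` also declare `strip_query = optional(bool)`, they should receive the same default in this change so that behaviour does not depend on where in the URL map the redirect is defined. The variable description is unchanged, so a short mention that the query string is preserved by default would help readers of the README table.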
diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-lb-app-ext/versions.tf
+++ b/modules/net-lb-app-ext/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
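Review bot: The constraint `>= 5.0.0` raises the floor across a provider major version and leaves the ceiling open, for both `google` and `google-beta`. Callers still pinned to 4.x will fail at `terraform init`, and a future 6.x release will be accepted without review. Consider a bounded constraint such as `>= 5.0.0, < 6.0.0`, and flag the bump as an incompatible change in the release notes. The same comment applies to every `versions.tf` file that receives this identical hunk.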
diff --git a/modules/net-lb-app-int/README.md b/modules/net-lb-app-int/README.md
index add393c14..29b356330 100644
--- a/modules/net-lb-app-int/README.md
+++ b/modules/net-lb-app-int/README.md
@@ -241,6 +241,7 @@ Similarly to instance groups, NEGs can also be managed by this module which supp
```hcl
resource "google_compute_address" "test" {
+ project = var.project_id
name = "neg-test"
subnetwork = var.subnet.self_link
address_type = "INTERNAL"
diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-lb-app-int/versions.tf
+++ b/modules/net-lb-app-int/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-lb-ext/versions.tf
+++ b/modules/net-lb-ext/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-lb-int/versions.tf
+++ b/modules/net-lb-int/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-lb-proxy-int/README.md b/modules/net-lb-proxy-int/README.md
index e606b6bc2..85f9716c6 100644
--- a/modules/net-lb-proxy-int/README.md
+++ b/modules/net-lb-proxy-int/README.md
@@ -155,6 +155,7 @@ Similarly to instance groups, NEGs can also be managed by this module which supp
```hcl
resource "google_compute_address" "test" {
+ project = var.project_id
name = "neg-test"
subnetwork = var.subnet.self_link
address_type = "INTERNAL"
diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-lb-proxy-int/versions.tf
+++ b/modules/net-lb-proxy-int/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-swp/versions.tf
+++ b/modules/net-swp/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-vlan-attachment/versions.tf
+++ b/modules/net-vlan-attachment/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-vpc-firewall/versions.tf
+++ b/modules/net-vpc-firewall/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-vpc-peering/versions.tf
+++ b/modules/net-vpc-peering/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-vpc/versions.tf
+++ b/modules/net-vpc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-vpn-dynamic/versions.tf
+++ b/modules/net-vpn-dynamic/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-vpn-ha/versions.tf
+++ b/modules/net-vpn-ha/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/net-vpn-static/versions.tf
+++ b/modules/net-vpn-static/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/organization/versions.tf
+++ b/modules/organization/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/project/README.md b/modules/project/README.md
index 3fddf95f9..8a2a1b4e5 100644
--- a/modules/project/README.md
+++ b/modules/project/README.md
@@ -606,7 +606,7 @@ output "compute_robot" {
| [lien_reason](variables.tf#L120) | If non-empty, creates a project lien with this description. | string | | null |
| [logging_data_access](variables.tf#L126) | Control activation of data access logs. Format is service => { log type => [exempted members]}. The special 'allServices' key denotes configuration for all services. | map(map(list(string))) | | {} |
| [logging_exclusions](variables.tf#L141) | Logging exclusions for this project in the form {NAME -> FILTER}. | map(string) | | {} |
-| [logging_sinks](variables.tf#L148) | Logging sinks to create for this project. | map(object({…})) | | {} |
+| [logging_sinks](variables.tf#L148) | Logging sinks to create for this project. | map(object({…})) | | {} |
| [metric_scopes](variables.tf#L179) | List of projects that will act as metric scopes for this project. | list(string) | | [] |
| [org_policies](variables.tf#L191) | Organization policies applied to this project keyed by policy name. | map(object({…})) | | {} |
| [org_policies_data_path](variables.tf#L218) | Path containing org policies in YAML format. | string | | null |
diff --git a/modules/project/variables.tf b/modules/project/variables.tf
index 68f8b6c02..3a1a8eff2 100644
--- a/modules/project/variables.tf
+++ b/modules/project/variables.tf
@@ -156,7 +156,7 @@ variable "logging_sinks" {
filter = string
iam = optional(bool, true)
type = string
- unique_writer = optional(bool)
+ unique_writer = optional(bool, true)
}))
default = {}
nullable = false
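Review bot: Changing `unique_writer = optional(bool)` to `optional(bool, true)` silently changes behaviour for every existing caller that omitted the attribute. The updated test inventory confirms this, with `unique_writer_identity` going from `false` to `true` on all four sinks. A dedicated writer identity per sink is the better default for scoping destination permissions, but since `iam` also defaults to `true`, existing deployments will plan changes to both the sink and its destination grants on upgrade. Please call this out as an incompatible change and add a line to the variable description or README explaining how to keep the previous behaviour with `unique_writer = false`.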
diff --git a/modules/project/versions.tf b/modules/project/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/project/versions.tf
+++ b/modules/project/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/projects-data-source/versions.tf
+++ b/modules/projects-data-source/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/pubsub/versions.tf
+++ b/modules/pubsub/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/secret-manager/main.tf b/modules/secret-manager/main.tf
index 73932b5e0..1a17ac21c 100644
--- a/modules/secret-manager/main.tf
+++ b/modules/secret-manager/main.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -44,7 +44,8 @@ resource "google_secret_manager_secret" "default" {
dynamic "replication" {
for_each = each.value == null ? [""] : []
content {
- automatic = true
+ # TODO(jccb): support custom keys inside auto
+ auto {}
}
}
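Review bot: The `# TODO(jccb): support custom keys inside auto` comment above `auto {}` documents a functional gap: secrets created with automatic replication cannot be given a customer-managed key through this module, while the test inventory shows the provider now exposes `customer_managed_encryption` under `auto`. A TODO in `main.tf` is easy to lose. Please link it to a tracking issue and mention the limitation in the module README so users with CMEK requirements know to use user-managed replication until it is implemented.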
diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/secret-manager/versions.tf
+++ b/modules/secret-manager/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/service-directory/README.md b/modules/service-directory/README.md
index d79c53043..3b16cbeb1 100644
--- a/modules/service-directory/README.md
+++ b/modules/service-directory/README.md
@@ -88,7 +88,7 @@ module "dns-sd" {
}
}
}
-# tftest modules=2 resources=6 inventory=dns.yaml
+# tftest modules=2 resources=5 inventory=dns.yaml
```
diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/service-directory/versions.tf
+++ b/modules/service-directory/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/source-repository/versions.tf
+++ b/modules/source-repository/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf
index 91a91a314..3963660f0 100644
--- a/modules/vpc-sc/versions.tf
+++ b/modules/vpc-sc/versions.tf
@@ -17,11 +17,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.82.0" # tftest
+ version = ">= 5.0.0" # tftest
}
}
}
diff --git a/tests/blueprints/factories/project_factory/examples/example.yaml b/tests/blueprints/factories/project_factory/examples/example.yaml
index 086fbd55c..859ec2ee2 100644
--- a/tests/blueprints/factories/project_factory/examples/example.yaml
+++ b/tests/blueprints/factories/project_factory/examples/example.yaml
@@ -30,7 +30,7 @@ values:
module.project-factory.module.projects["prj-app-1"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-BCDEF0
- folder_id: "12345678"
+ folder_id: '12345678'
labels:
app: app-1
environment: test
@@ -59,10 +59,36 @@ values:
- ALL
parent: projects/test-pf-prj-app-2
timeouts: null
+ ? module.project-factory.module.projects["prj-app-2"].google_org_policy_policy.default["compute.disableGuestAttributesAccess"]
+ : name: projects/test-pf-prj-app-2/policies/compute.disableGuestAttributesAccess
+ parent: projects/test-pf-prj-app-2
+ spec:
+ - inherit_from_parent: null
+ reset: null
+ rules:
+ - allow_all: null
+ condition: []
+ deny_all: null
+ enforce: 'FALSE'
+ values: []
+ timeouts: null
+ ? module.project-factory.module.projects["prj-app-2"].google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]
+ : name: projects/test-pf-prj-app-2/policies/iam.disableServiceAccountKeyCreation
+ parent: projects/test-pf-prj-app-2
+ spec:
+ - inherit_from_parent: null
+ reset: null
+ rules:
+ - allow_all: null
+ condition: []
+ deny_all: null
+ enforce: 'FALSE'
+ values: []
+ timeouts: null
module.project-factory.module.projects["prj-app-2"].google_project.project[0]:
auto_create_network: false
billing_account: 012345-67890A-ABCDEF
- folder_id: "12345678"
+ folder_id: '12345678'
labels:
app: app-1
environment: test
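Review bot: Both org policies added to the expected inventory, `compute.disableGuestAttributesAccess` and `iam.disableServiceAccountKeyCreation`, have `enforce: 'FALSE'`, so the only path this fixture exercises is a project turning a security constraint off. Readers tend to copy factory examples as they are. Consider adding a comment in the example YAML stating that these are deliberate per-project exceptions, and include at least one rule with `enforce: 'TRUE'` (or a list constraint with `values`) so the test also covers the tightening case.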
@@ -103,12 +129,12 @@ values:
counts:
google_essential_contacts_contact: 2
google_kms_crypto_key_iam_member: 1
+ google_org_policy_policy: 2
google_project: 2
google_project_service: 3
google_service_account: 3
google_storage_project_service_account: 1
modules: 6
- resources: 12
+ resources: 14
outputs: {}
-
diff --git a/tests/fast/stages/s2_networking_a_peering/stage.yaml b/tests/fast/stages/s2_networking_a_peering/stage.yaml
index 85b123afb..7c9212b61 100644
--- a/tests/fast/stages/s2_networking_a_peering/stage.yaml
+++ b/tests/fast/stages/s2_networking_a_peering/stage.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,4 +14,4 @@
counts:
modules: 28
- resources: 154
+ resources: 145
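Review bot: `resources` drops from 154 to 145 here, and the other networking stage inventories in this change drop by 9 or 6 as well, but only the total is asserted. The diff therefore does not show which resource types are no longer planned. Please state in the PR description what disappears with the provider upgrade, and consider adding per-type counts to these stage inventories so that a later unintended removal, for example firewall rules or routes, would not be hidden inside a lower total.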
diff --git a/tests/fast/stages/s2_networking_b_vpn/stage.yaml b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
index 831bcd500..3c65fddf2 100644
--- a/tests/fast/stages/s2_networking_b_vpn/stage.yaml
+++ b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 30
- resources: 191
+ resources: 182
diff --git a/tests/fast/stages/s2_networking_c_nva/stage.yaml b/tests/fast/stages/s2_networking_c_nva/stage.yaml
index ff699bf95..431364482 100644
--- a/tests/fast/stages/s2_networking_c_nva/stage.yaml
+++ b/tests/fast/stages/s2_networking_c_nva/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 42
- resources: 201
+ resources: 192
diff --git a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
index fe8ab2d6b..701e186af 100644
--- a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
+++ b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 21
- resources: 171
+ resources: 165
diff --git a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
index 2c1d072ec..66338505f 100644
--- a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
+++ b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 36
- resources: 212
+ resources: 203
diff --git a/tests/modules/cloud_function_v2/examples/iam.yaml b/tests/modules/cloud_function_v2/examples/iam.yaml
index 4bbd66533..21b1eff65 100644
--- a/tests/modules/cloud_function_v2/examples/iam.yaml
+++ b/tests/modules/cloud_function_v2/examples/iam.yaml
@@ -24,19 +24,10 @@ values:
module.cf-http.google_cloudfunctions2_function.function: {}
module.cf-http.google_storage_bucket_object.bundle:
bucket: test-cf-bundles
- cache_control: null
- content: null
- content_disposition: null
- content_encoding: null
- content_language: null
customer_encryption: []
detect_md5hash: different hash
- event_based_hold: null
- metadata: null
name: bundle-6f1ece136848fee658e335b05fe2d79d.zip
source: bundle.zip
- temporary_hold: null
- timeouts: null
counts:
google_cloud_run_service_iam_binding: 1
@@ -45,5 +36,4 @@ counts:
modules: 1
resources: 3
-outputs: {}
diff --git a/tests/modules/cloud_run/examples/trigger-service-account-external.yaml b/tests/modules/cloud_run/examples/trigger-service-account-external.yaml
index 45d15ea43..5de6a53b4 100644
--- a/tests/modules/cloud_run/examples/trigger-service-account-external.yaml
+++ b/tests/modules/cloud_run/examples/trigger-service-account-external.yaml
@@ -45,7 +45,6 @@ values:
service: hello
gke: []
workflow: null
- event_data_content_type: null
labels: null
location: europe-west1
matching_criteria:
diff --git a/tests/modules/cloud_run/examples/trigger-service-account.yaml b/tests/modules/cloud_run/examples/trigger-service-account.yaml
index 92b8fce8b..35117b795 100644
--- a/tests/modules/cloud_run/examples/trigger-service-account.yaml
+++ b/tests/modules/cloud_run/examples/trigger-service-account.yaml
@@ -51,7 +51,6 @@ values:
service: hello
gke: []
workflow: null
- event_data_content_type: null
labels: null
location: europe-west1
matching_criteria:
@@ -74,7 +73,6 @@ values:
service: hello
gke: []
workflow: null
- event_data_content_type: null
labels: null
location: europe-west1
matching_criteria:
diff --git a/tests/modules/dns/examples/peering-zone.yaml b/tests/modules/dns/examples/peering-zone.yaml
index ea3996ed0..f9ab8494a 100644
--- a/tests/modules/dns/examples/peering-zone.yaml
+++ b/tests/modules/dns/examples/peering-zone.yaml
@@ -30,5 +30,3 @@ values:
counts:
google_dns_managed_zone: 1
-
-outputs: {}
diff --git a/tests/modules/dns/examples/public-zone.yaml b/tests/modules/dns/examples/public-zone.yaml
index 69f275998..e47660840 100644
--- a/tests/modules/dns/examples/public-zone.yaml
+++ b/tests/modules/dns/examples/public-zone.yaml
@@ -29,11 +29,6 @@ values:
type: A
counts:
- google_dns_keys: 1
google_dns_managed_zone: 1
google_dns_record_set: 1
google_dns_managed_zone_iam_binding: 1
- modules: 1
- resources: 4
-
-outputs: {}
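Review bot: Removing `google_dns_keys: 1` is understandable if that object is no longer part of the plan, but this hunk also deletes `modules: 1` and `resources: 4` outright instead of updating them. Without a total, the test would still pass if the example started planning additional, unexpected resources. Suggest keeping `modules` and restoring `resources` with the new expected value.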
diff --git a/tests/modules/dns/examples/reverse-zone.yaml b/tests/modules/dns/examples/reverse-zone.yaml
index 9798ced98..8d0b24650 100644
--- a/tests/modules/dns/examples/reverse-zone.yaml
+++ b/tests/modules/dns/examples/reverse-zone.yaml
@@ -23,5 +23,3 @@ values:
counts:
google_dns_managed_zone: 1
-
-outputs: {}
diff --git a/tests/modules/project/examples/logging.yaml b/tests/modules/project/examples/logging.yaml
index 9902c0adc..9634d8d10 100644
--- a/tests/modules/project/examples/logging.yaml
+++ b/tests/modules/project/examples/logging.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@ values:
filter: severity=DEBUG
name: debug
project: my-project
- unique_writer_identity: false
+ unique_writer_identity: true
module.project-host.google_logging_project_sink.sink["info"]:
description: info (Terraform-managed).
disabled: false
@@ -41,7 +41,7 @@ values:
filter: severity=INFO
name: info
project: my-project
- unique_writer_identity: false
+ unique_writer_identity: true
module.project-host.google_logging_project_sink.sink["notice"]:
description: notice (Terraform-managed).
disabled: false
@@ -49,7 +49,7 @@ values:
filter: severity=NOTICE
name: notice
project: my-project
- unique_writer_identity: false
+ unique_writer_identity: true
module.project-host.google_logging_project_sink.sink["warnings"]:
description: warnings (Terraform-managed).
destination: storage.googleapis.com/gcs_sink
@@ -58,7 +58,7 @@ values:
filter: severity=WARNING
name: warnings
project: my-project
- unique_writer_identity: false
+ unique_writer_identity: true
module.project-host.google_project.project[0]:
auto_create_network: false
billing_account: 123456-123456-123456
diff --git a/tests/modules/secret_manager/examples/iam.yaml b/tests/modules/secret_manager/examples/iam.yaml
index 98fae344e..e3dcebb24 100644
--- a/tests/modules/secret_manager/examples/iam.yaml
+++ b/tests/modules/secret_manager/examples/iam.yaml
@@ -16,13 +16,14 @@ values:
module.secret-manager.google_secret_manager_secret.default["test-auto"]:
project: my-project
replication:
- - automatic: true
+ - auto:
+ - customer_managed_encryption: []
user_managed: []
secret_id: test-auto
module.secret-manager.google_secret_manager_secret.default["test-manual"]:
project: my-project
replication:
- - automatic: null
+ - auto: []
user_managed:
- replicas:
- customer_managed_encryption: []
diff --git a/tests/modules/vpc_sc/examples/bridge.yaml b/tests/modules/vpc_sc/examples/bridge.yaml
index 4ff1246a6..e062d04d0 100644
--- a/tests/modules/vpc_sc/examples/bridge.yaml
+++ b/tests/modules/vpc_sc/examples/bridge.yaml
@@ -48,7 +48,7 @@ values:
- access_levels: null
egress_policies: []
ingress_policies: []
- resources: []
+ resources: null
restricted_services: null
vpc_accessible_services: []
title: b2