Fix pre-commit hook (#3882)
1
.gitignore
vendored
@@ -32,4 +32,3 @@ node_modules
|
||||
fast/**/globals.auto.tfvars.json
|
||||
cloud_sql_proxy
|
||||
env/
|
||||
|
||||
|
||||
@@ -150,6 +150,7 @@ repos:
|
||||
(?x)^(
|
||||
/templates/.*|
|
||||
modules/cloud-config-container/.*|
|
||||
.*/0-org-setup/assets/workflow-.*\.yaml
|
||||
)$
|
||||
|
||||
- repo: https://github.com/jumanjihouse/pre-commit-hooks
|
||||
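Review bot: the `/templates/.*` alternative in this `exclude` regex begins with a slash while the whole expression is anchored with `^(`, so as shown it only matches paths that start with `/`. If the hook is handed repository-relative paths, that alternative never matches and files under a `templates/` directory are still checked; `.*/templates/.*` (the form the `0-org-setup` alternative already uses) would express the apparent intent.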
@@ -172,6 +173,7 @@ repos:
|
||||
(?x)^(
|
||||
/templates/.*|
|
||||
modules/cloud-config-container/.*|
|
||||
.*/0-org-setup/assets/workflow-.*\.yaml
|
||||
)$
|
||||
|
||||
- repo: https://github.com/google/yapf/
|
||||
|
||||
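Review bot: this `exclude` block is a copy of the one in the hunk at -150, including `.*/0-org-setup/assets/workflow-.*\.yaml`, and neither copy says why the workflow assets are exempt. Define the regex once (a YAML anchor and alias would do) and put a comment next to it naming the reason, so the two hooks cannot drift apart and the exemption can be removed when it is no longer needed.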
2
.vscode/settings.json
vendored
@@ -38,4 +38,4 @@
|
||||
"data/**/ingress-policies/**/*yaml"
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -451,7 +451,7 @@ labels:
|
||||
|
||||
#### Context-based interpolation
|
||||
|
||||
When designing factories, a common challenge is referencing resources that will be created at runtime or are managed externally (e.g., assigning a service account created in one project to a role in another, or referencing a folder ID by a mnemonic name).
|
||||
When designing factories, a common challenge is referencing resources that will be created at runtime or are managed externally (e.g., assigning a service account created in one project to a role in another, or referencing a folder ID by a mnemonic name).
|
||||
|
||||
To solve this, a **context-based interpolation** system is implemented. A `context` object variable is introduced containing maps of known resource IDs (like `project_ids`, `folder_ids`, `iam_principals`), and a `$` prefix convention is used in the YAML strings to instruct the module to look up the actual ID at plan time.
|
||||
|
||||
@@ -1063,9 +1063,9 @@ tests:
|
||||
- test-plan-extra.tfvars
|
||||
inventory:
|
||||
- test-plan.yaml
|
||||
# You can use `extra_files` to include additional tf files outside
|
||||
# You can use `extra_files` to include additional tf files outside
|
||||
# the module's path before running the test.
|
||||
# extra_files:
|
||||
# extra_files:
|
||||
# - ../plugin-x/*.tf
|
||||
|
||||
# You can omit the tfvars and inventory sections and they will
|
||||
@@ -1083,7 +1083,7 @@ A good example of tests showing different ways of leveraging our framework is in
|
||||
|
||||
### Debugging Terraform Context & Locals
|
||||
|
||||
When troubleshooting how variables, context, or locals are being evaluated during a `plan` (especially within factories or FAST stages), do not rely solely on `pytest` failure outputs or `grep`.
|
||||
When troubleshooting how variables, context, or locals are being evaluated during a `plan` (especially within factories or FAST stages), do not rely solely on `pytest` failure outputs or `grep`.
|
||||
|
||||
**ALWAYS** use a fast-failing `terraform_data` precondition to dump the exact runtime state of the data structure. Inject this snippet temporarily into the module being debugged:
|
||||
|
||||
@@ -1092,7 +1092,7 @@ resource "terraform_data" "debug_dump" {
|
||||
lifecycle {
|
||||
precondition {
|
||||
# The condition is intentionally designed to fail to trigger the error_message
|
||||
condition = local.target_variable == null
|
||||
condition = local.target_variable == null
|
||||
error_message = yamlencode(local.target_variable)
|
||||
}
|
||||
}
|
||||
|
||||
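Review bot: `error_message = yamlencode(local.target_variable)` prints the whole structure into the plan's error output, and in a pipeline that output is kept in the job log. The surrounding text says to inject the snippet temporarily; it should also say to run it locally, to point `local.target_variable` at the narrowest sub-key that answers the question when the local carries principals, project IDs or similar data, and to delete the `terraform_data.debug_dump` resource before committing.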
@@ -140,7 +140,7 @@ For production/airgapped usage, customers may also mirror modules to a private r
|
||||
## Should you choose Fabric or CFT?
|
||||
|
||||
> You/Your organization is knowledgeable in Terraform and interested in forking and owning a collection of modules.
|
||||
|
||||
|
||||
Fabric is a better choice as it bootstraps you with a collection of modules out of the box that can be customized exactly to fit your organization needs.
|
||||
|
||||
> You/Your organization is getting started with Terraform and interested in GCP best practices out of the box.
|
||||
@@ -148,11 +148,11 @@ For production/airgapped usage, customers may also mirror modules to a private r
|
||||
CFT is a better choice as it allows you to directly reference specific modules from the registry and provide opinionated configuration by default.
|
||||
|
||||
> You/Your organization is looking to rapidly prototype some functionality on GCP.
|
||||
|
||||
|
||||
Fabric is a better choice. Being a mono repo it allows you to get started quickly with all your source code in one place for easier debugging.
|
||||
|
||||
> You/Your organization has existing infrastructure and processes but want to start adopting IaC gradually.
|
||||
|
||||
|
||||
CFT is designed to be modular and off the shelf, providing higher level abstractions to product groups which allows certain teams to adopt Terraform without maintenance burden while allowing others to follow existing practices.
|
||||
|
||||
## Using Fabric and CFT together
|
||||
|
||||
@@ -84,7 +84,7 @@ python3 tools/check_boilerplate.py --scan-files <files>
|
||||
|
||||
#### 2. Testing
|
||||
|
||||
Our testing philosophy is simple: test to ensure the code works and does not break due to dependency changes. **Example-based testing via `README.md` is the preferred approach.**
|
||||
Our testing philosophy is simple: test to ensure the code works and does not break due to dependency changes. **Example-based testing via `README.md` is the preferred approach.**
|
||||
|
||||
Tests are triggered from HCL Markdown fenced code blocks using a special `# tftest` directive at the end of the block.
|
||||
|
||||
@@ -208,7 +208,7 @@ Modify one existing README example (do not add a new one) to demonstrate context
|
||||
|
||||
## Architecture & Conventions
|
||||
|
||||
* **Variables & Interfaces:**
|
||||
* **Variables & Interfaces:**
|
||||
* Prefer object variables (e.g., `iam = { ... }`) over many individual scalar variables.
|
||||
* Design compact variable spaces by leveraging Terraform's `optional()` function with defaults extensively.
|
||||
* Use maps instead of lists for multiple items to ensure stable keys in state and avoid `for_each` dynamic value issues.
|
||||
@@ -226,7 +226,7 @@ Modify one existing README example (do not add a new one) to demonstrate context
|
||||
|
||||
## Debugging Terraform Context & Locals
|
||||
|
||||
When troubleshooting how variables, context, or locals are being evaluated during a `plan` (especially within factories or FAST stages), do not rely solely on `pytest` failure outputs or `grep`.
|
||||
When troubleshooting how variables, context, or locals are being evaluated during a `plan` (especially within factories or FAST stages), do not rely solely on `pytest` failure outputs or `grep`.
|
||||
|
||||
**ALWAYS** use a fast-failing `terraform_data` precondition to dump the exact runtime state of the data structure. Inject this snippet temporarily into the module being debugged:
|
||||
|
||||
@@ -235,7 +235,7 @@ resource "terraform_data" "debug_dump" {
|
||||
lifecycle {
|
||||
precondition {
|
||||
# The condition is intentionally designed to fail to trigger the error_message
|
||||
condition = local.target_variable == null
|
||||
condition = local.target_variable == null
|
||||
error_message = yamlencode(local.target_variable)
|
||||
}
|
||||
}
|
||||
|
||||
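Review bot: this snippet and the "Debugging Terraform Context & Locals" text around it repeat the earlier hunk at -1092 word for word, only under a different heading level. Two copies of the same guidance will drift; keep one and link to it from the other file.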
@@ -13,7 +13,7 @@ We need to define a variable to manage tag bindings in our Terraform modules. Th
|
||||
|
||||
## Decision:
|
||||
|
||||
We will use the `map(string)` type for the `tag_bindings` variable across all modules where it's needed.
|
||||
We will use the `map(string)` type for the `tag_bindings` variable across all modules where it's needed.
|
||||
|
||||
## Consequences
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Add-on stages
|
||||
|
||||
**authors:** [Ludo](https://github.com/ludoo), [Julio](https://github.com/juliocc)
|
||||
**authors:** [Ludo](https://github.com/ludoo), [Julio](https://github.com/juliocc)
|
||||
**date:** Jan 5, 2025
|
||||
|
||||
## Status
|
||||
@@ -54,7 +54,7 @@ fast
|
||||
├── 0-bootstrap
|
||||
├── 1-resman
|
||||
├── 1-vpcsc
|
||||
├── 2-networking
|
||||
├── 2-networking
|
||||
├── 2-networking-legacy-a-simple
|
||||
├── 2-networking-legacy-b-nva
|
||||
├── 2-networking-legacy-c-separate-envs
|
||||
|
||||
@@ -99,4 +99,3 @@ With notable exceptions (currently only the `cidrs.yaml` file consumed by firewa
|
||||
- Files in a directory should be parsed together and flattened into a single dictionary
|
||||
|
||||
This allows developers to implement multiple resources in a single file or to use one file per resource, as they see fit.
|
||||
|
||||
|
||||
@@ -290,4 +290,4 @@
|
||||
</svg>
|
||||
</div>
|
||||
</foreignObject>
|
||||
</svg>
|
||||
</svg>
|
||||
|
||||
|
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 24 KiB |
@@ -2,4 +2,4 @@ FAST_STAGE_DESCRIPTION="NGFW Enterprise networking add-on"
|
||||
FAST_STAGE_LEVEL=2
|
||||
FAST_STAGE_NAME=networking-ngfw
|
||||
FAST_STAGE_DEPS="0-globals 0-org-setup 2-networking"
|
||||
FAST_STAGE_OPTIONAL="2-security"
|
||||
FAST_STAGE_OPTIONAL="2-security"
|
||||
|
||||
@@ -70,4 +70,3 @@ variable "vpc_self_links" {
|
||||
nullable = false
|
||||
default = {}
|
||||
}
|
||||
|
||||
|
||||
@@ -64,4 +64,3 @@ variable "vpc_self_links" {
|
||||
nullable = false
|
||||
default = {}
|
||||
}
|
||||
|
||||
|
||||
@@ -61,4 +61,4 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,5 +23,3 @@
|
||||
- items: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -29,4 +29,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,5 +15,3 @@
|
||||
- items: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -25,5 +25,3 @@ terraform {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -33,4 +33,4 @@ groups = {
|
||||
path = "gcp-org-admins"
|
||||
description = "GCP Organization administrators"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -90,4 +90,4 @@ runcmd:
|
||||
# - iptables -I INPUT 1 -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||
- systemctl daemon-reload
|
||||
- systemctl start azp-token
|
||||
- systemctl start azp-agent
|
||||
- systemctl start azp-agent
|
||||
|
||||
@@ -85,4 +85,4 @@ resource "google_managed_kafka_topic" "topics" {
|
||||
partition_count = each.value.partition_count
|
||||
replication_factor = each.value.replication_factor
|
||||
configs = each.value.configs
|
||||
}
|
||||
}
|
||||
|
||||
@@ -31,4 +31,4 @@ output "kafka_labels" {
|
||||
|
||||
output "project_number" {
|
||||
value = data.google_project.service_project.number
|
||||
}
|
||||
}
|
||||
|
||||
@@ -57,4 +57,4 @@ variable "topics" {
|
||||
}))
|
||||
description = "The list of topics to create in the Kafka cluster."
|
||||
default = []
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,4 +23,4 @@ google-cloud-storage
|
||||
click==8.1.3
|
||||
google-cloud-dlp
|
||||
google-cloud-logging
|
||||
secops
|
||||
secops
|
||||
|
||||
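Review bot: in this requirements hunk only `click==8.1.3` carries a version pin; `google-cloud-dlp`, `google-cloud-logging` and `secops` are unpinned, so each install can resolve to a different release. Pin them to the versions that were tested (ideally with hashes) so that builds are reproducible and a compromised or breaking upstream release is not picked up silently.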
@@ -2,4 +2,4 @@ FAST_STAGE_DESCRIPTION="FAST Organization Setup"
|
||||
FAST_STAGE_LEVEL=0
|
||||
FAST_STAGE_NAME=org-setup
|
||||
# FAST_STAGE_DEPS="0-globals 0-org-setup"
|
||||
# FAST_STAGE_OPTIONAL=""
|
||||
# FAST_STAGE_OPTIONAL=""
|
||||
|
||||
@@ -338,7 +338,7 @@ As per October 2025, a bug exits providing misleading error message `Error 409:
|
||||
|
||||
```
|
||||
│ Error: Error creating Policy: googleapi: Error 409: Requested entity already exists
|
||||
│
|
||||
│
|
||||
│ with module.organization-iam[0].google_org_policy_policy.default["custom.gkeRequireVPCNativeCluster"],
|
||||
│ on ../../../modules/organization/organization-policies.tf line 105, in resource "google_org_policy_policy" "default":
|
||||
│ 105: resource "google_org_policy_policy" "default" {
|
||||
@@ -398,7 +398,7 @@ If you get this kind of error, it means that Security Command Center Premium or
|
||||
|
||||
```bash
|
||||
Error: Error creating OrganizationSecurityHealthAnalyticsCustomModule: googleapi: Error 404: Parent resource "organizations/1234567890/locations/global" not found.
|
||||
│
|
||||
│
|
||||
│ with module.organization[0].google_scc_management_organization_security_health_analytics_custom_module.scc_organization_custom_module["cloudfunctionsV1RequireIngressInternalAndLoadBalancer"],
|
||||
│ on ../../../modules/organization/scc-sha-custom-modules.tf line 49, in resource "google_scc_management_organization_security_health_analytics_custom_module" "scc_organization_custom_module":
|
||||
│ 49: resource "google_scc_management_organization_security_health_analytics_custom_module" "scc_organization_custom_module" {
|
||||
|
||||
@@ -21,4 +21,3 @@ includedPermissions:
|
||||
- resourcemanager.folders.getIamPolicy
|
||||
- resourcemanager.folders.list
|
||||
- resourcemanager.folders.searchPolicyBindings
|
||||
|
||||
|
||||
@@ -20,4 +20,3 @@ includedPermissions:
|
||||
- iam.serviceAccounts.get
|
||||
- iam.serviceAccounts.getIamPolicy
|
||||
- iam.serviceAccounts.list
|
||||
|
||||
|
||||
@@ -26,4 +26,3 @@
|
||||
# - "in:eu-locations"
|
||||
# - "in:europe-west1-locations"
|
||||
# - "in:europe-west4-locations"
|
||||
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# FAST release: v55.0.0
|
||||
# FAST release: v55.0.0
|
||||
|
||||
@@ -104,4 +104,3 @@ resource "terraform_data" "precondition" {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -61,5 +61,3 @@ module "projects-observability" {
|
||||
observability = local.paths.observability
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -50,4 +50,3 @@ output "vpc_self_links" {
|
||||
for k, v in module.vpcs.vpcs : k => v.id
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -203,4 +203,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -64,5 +64,3 @@
|
||||
- **filter**: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -176,4 +176,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -135,4 +135,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -32,5 +32,3 @@
|
||||
- ⁺**iam_principalsets**: *object*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -39,4 +39,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,5 +18,3 @@
|
||||
- items: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -15,4 +15,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,5 +12,3 @@
|
||||
<br>*pattern: ^[a-zA-Z-]+\.[a-zA-Z-]+\.[a-zA-Z-]+$*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -924,4 +924,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -101,4 +101,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -973,4 +973,4 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -514,4 +514,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -845,4 +845,4 @@
|
||||
"additionalProperties": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1866,4 +1866,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -48,4 +48,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,5 +15,3 @@
|
||||
- ⁺**severity**: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -152,4 +152,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -295,4 +295,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,4 +2,4 @@ FAST_STAGE_DESCRIPTION="vpc service controls"
|
||||
FAST_STAGE_LEVEL=1
|
||||
FAST_STAGE_NAME=vpcsc
|
||||
FAST_STAGE_DEPS="0-globals 0-org-setup"
|
||||
# FAST_STAGE_OPTIONAL=""
|
||||
# FAST_STAGE_OPTIONAL=""
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# FAST release: v55.0.0
|
||||
# FAST release: v55.0.0
|
||||
|
||||
@@ -40,5 +40,3 @@
|
||||
- items: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -182,4 +182,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -97,4 +97,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -35,5 +35,3 @@
|
||||
- items: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -90,4 +90,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -31,5 +31,3 @@
|
||||
- items: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -117,4 +117,4 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,4 +6,4 @@
|
||||
"auth_url": "https://auth.cloud.berlin-build0.goog/authorize",
|
||||
"token_url": "https://sts.apis-berlin-build0.goog/v1/oauthtoken",
|
||||
"token_info_url": "https://sts.apis-berlin-build0.goog/v1/introspect"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,4 +2,4 @@ FAST_STAGE_DESCRIPTION="networking"
|
||||
FAST_STAGE_LEVEL=2
|
||||
FAST_STAGE_NAME=networking
|
||||
FAST_STAGE_DEPS="0-globals 0-org-setup"
|
||||
FAST_STAGE_OPTIONAL="1-vpcsc 2-networking-ngfw"
|
||||
FAST_STAGE_OPTIONAL="1-vpcsc 2-networking-ngfw"
|
||||
|
||||
@@ -46,8 +46,8 @@ locals {
|
||||
]...),
|
||||
{}
|
||||
)
|
||||
# Read and decode the discovered YAML files. This step also injects VPC-level
|
||||
# inferred attributes into each configuration, such as the `project_id` and
|
||||
# Read and decode the discovered YAML files. This step also injects VPC-level
|
||||
# inferred attributes into each configuration, such as the `project_id` and
|
||||
# `network`, ensuring each attachment is correctly associated with its parent VPC.
|
||||
_vlan_attachments_preprocess = {
|
||||
for k, v in local._vlan_attachments_files : k => merge(
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# FAST release: v55.0.0
|
||||
# FAST release: v55.0.0
|
||||
|
||||
@@ -843,4 +843,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -53,4 +53,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,5 +24,3 @@
|
||||
- items: *string*
|
||||
|
||||
## Definitions
|
||||
|
||||
|
||||
|
||||
@@ -266,4 +266,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -160,4 +160,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -101,4 +101,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -973,4 +973,4 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -66,4 +66,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -123,4 +123,4 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1866,4 +1866,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -509,4 +509,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -53,4 +53,3 @@ variable "factories_config" {
|
||||
nullable = false
|
||||
default = {}
|
||||
}
|
||||
|
||||
|
||||
@@ -2,4 +2,4 @@ FAST_STAGE_DESCRIPTION="project factory (org level)"
|
||||
FAST_STAGE_LEVEL=2
|
||||
FAST_STAGE_NAME=project-factory
|
||||
FAST_STAGE_DEPS="0-globals 0-org-setup"
|
||||
FAST_STAGE_OPTIONAL="1-vpcsc 2-networking 2-security"
|
||||
FAST_STAGE_OPTIONAL="1-vpcsc 2-networking 2-security"
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# FAST release: v55.0.0
|
||||
# FAST release: v55.0.0
|
||||
|
||||
@@ -44,4 +44,4 @@ module "output-pattern-folders" {
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -176,4 +176,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -744,4 +744,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -973,4 +973,4 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1866,4 +1866,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,4 +27,3 @@ keys:
|
||||
rotation_period: 7776000s
|
||||
gke:
|
||||
rotation_period: 7776000s
|
||||
|
||||
|
||||
@@ -75,4 +75,3 @@ module "kms" {
|
||||
})
|
||||
depends_on = [module.factory]
|
||||
}
|
||||
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# FAST release: v55.0.0
|
||||
# FAST release: v55.0.0
|
||||
|
||||
@@ -401,4 +401,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -634,4 +634,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -973,4 +973,4 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -192,4 +192,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1866,4 +1866,4 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,4 +4,4 @@
|
||||
127.0.0.1/32
|
||||
::1/128
|
||||
fc00::/7
|
||||
fe80::/10
|
||||
fe80::/10
|
||||
|
||||
@@ -12,4 +12,4 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# FAST release: v55.0.0
|
||||
# FAST release: v55.0.0
|
||||
|
||||
@@ -58,7 +58,7 @@ for x in $(terraform state list | grep google_logging_project_bucket_config); do
|
||||
terraform state rm "$x";
|
||||
done
|
||||
|
||||
# remove custom constraint to avoid future issue during reprovisionnning.
|
||||
# remove custom constraint to avoid future issue during reprovisionnning.
|
||||
# comment this part if permanent removed is needed
|
||||
for x in $(terraform state list | grep google_org_policy_custom_constraint); do
|
||||
terraform state rm "$x";
|
||||
|
||||
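Review bot: the comment above the custom-constraint loop still reads `reprovisionnning` and `permanent removed`; since the line is being rewritten anyway, correct it to "reprovisioning" and "permanent removal". Separately, `grep google_org_policy_custom_constraint` is unanchored and matches any state address containing that string, and every match goes straight to `terraform state rm`; printing the matched addresses and asking for confirmation before the loop would make an unintended removal much harder.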
@@ -12,7 +12,7 @@ As usual, consider this a guideline with no guarantees. Migrations between FAST
|
||||
|
||||
> v44.0.0 and v45.0.0 deprecated several legacy stages, refer to those releases or branches for legacy upgrading instructions. Upgrades from legacy to current stages are not directly supported.
|
||||
|
||||
> v52.0.0 moves creation of custom constraints to `module.organization-iam` (from `module.organization`) in stage `0-org-setup`. As `moved` block is not possible and supported for this change, manual state migration is required to avoid destroying existing constraints.
|
||||
> v52.0.0 moves creation of custom constraints to `module.organization-iam` (from `module.organization`) in stage `0-org-setup`. As `moved` block is not possible and supported for this change, manual state migration is required to avoid destroying existing constraints.
|
||||
> This can be done executing this in stage `0-org-setup`:
|
||||
> ```bash
|
||||
> constraints=$(terraform state list | grep 'module.organization\[0\].google_org_policy_custom_constraint.constraint')
|
||||
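Review bot: in the v52.0.0 note, "As `moved` block is not possible and supported for this change" contradicts itself; "As a `moved` block is not supported for this change" says what is meant. In the command that follows, the dots in the grep pattern `module.organization\[0\].google_org_policy_custom_constraint.constraint` are unescaped and match any character; escaping them or using `grep -F` with the literal address keeps the selection exact before state is moved.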
@@ -25,4 +25,3 @@ As usual, consider this a guideline with no guarantees. Migrations between FAST
|
||||
|
||||
<!-- BEGIN TOC -->
|
||||
<!-- END TOC -->
|
||||
|
||||
|
||||
@@ -14,12 +14,12 @@
|
||||
# limitations under the License.
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
echo "Error: no folder or GCS bucket specified. Use -h or --help for usage."
|
||||
exit 1
|
||||
echo "Error: no folder or GCS bucket specified. Use -h or --help for usage."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "$1" == "-h" || "$1" == "--help" ]]; then
|
||||
cat <<END
|
||||
cat <<END
|
||||
Create commands to initialize stage provider and tfvars files. Use this script
|
||||
from inside a stage folder.
|
||||
|
||||
@@ -32,23 +32,25 @@ Usage with local output files folder:
|
||||
Point path/GCS URI to the tenant folder in tenant mode:
|
||||
fast-links.sh FOLDER_PATH/TENANT_SHORTNAME
|
||||
END
|
||||
exit 0
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ "$1" == "gs://"* ]]; then
|
||||
CMD="gcloud storage cp $1"
|
||||
CP_CMD=$CMD
|
||||
CMD="gcloud storage cp $1"
|
||||
# shellcheck disable=SC2034
|
||||
CP_CMD=$CMD
|
||||
elif [ ! -d "$1" ]; then
|
||||
echo "folder $1 not found"
|
||||
exit 1
|
||||
echo "folder $1 not found"
|
||||
exit 1
|
||||
else
|
||||
CMD="ln -s $1"
|
||||
CP_CMD="cp $1"
|
||||
CMD="ln -s $1"
|
||||
# shellcheck disable=SC2034
|
||||
CP_CMD="cp $1"
|
||||
fi
|
||||
|
||||
if [ ! -f .fast-stage.env ]; then
|
||||
echo "this folder does not look like a FAST stage"
|
||||
exit 1
|
||||
echo "this folder does not look like a FAST stage"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
set -a && source .fast-stage.env && set +a
|
||||
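Review bot: both `CP_CMD` assignments are now silenced with `# shellcheck disable=SC2034`, the unused-variable warning, and nothing in the visible hunks of this script reads `CP_CMD`. If the variable is dead, delete it instead of suppressing the check; if something that sources this script uses it, name that consumer in the comment. Note also that `$1` is interpolated unquoted into `CMD` and then echoed as a command to copy and paste, so a folder path containing spaces produces a broken command line.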
@@ -57,26 +59,26 @@ echo -e "# File linking commands for $FAST_STAGE_DESCRIPTION stage\n"
|
||||
|
||||
echo "# provider file"
|
||||
if [[ ! -z ${FAST_STAGE_PROVIDERS+x} ]]; then
|
||||
echo "$CMD/providers/${FAST_STAGE_LEVEL}-${FAST_STAGE_PROVIDERS}-providers.tf ./"
|
||||
echo "$CMD/providers/${FAST_STAGE_LEVEL}-${FAST_STAGE_PROVIDERS}-providers.tf ./"
|
||||
else
|
||||
echo "$CMD/providers/${FAST_STAGE_LEVEL}-${FAST_STAGE_NAME}-providers.tf ./"
|
||||
echo "$CMD/providers/${FAST_STAGE_LEVEL}-${FAST_STAGE_NAME}-providers.tf ./"
|
||||
fi
|
||||
|
||||
if [[ ! -z ${FAST_STAGE_DEPS+x} ]]; then
|
||||
echo -e "\n# input files from other stages"
|
||||
for f in $FAST_STAGE_DEPS; do
|
||||
echo "$CMD/tfvars/$f.auto.tfvars.json ./"
|
||||
done
|
||||
echo -e "\n# input files from other stages"
|
||||
for f in $FAST_STAGE_DEPS; do
|
||||
echo "$CMD/tfvars/$f.auto.tfvars.json ./"
|
||||
done
|
||||
fi
|
||||
|
||||
echo -e "\n# conventional location for this stage terraform.tfvars (manually managed)"
|
||||
echo "$CMD/${FAST_STAGE_LEVEL}-${FAST_STAGE_NAME}.auto.tfvars ./"
|
||||
|
||||
if [[ ! -z ${FAST_STAGE_OPTIONAL+x} ]]; then
|
||||
echo -e "\n# optional files"
|
||||
for f in $FAST_STAGE_OPTIONAL; do
|
||||
echo "$CMD/tfvars/$f.auto.tfvars.json ./"
|
||||
done
|
||||
echo -e "\n# optional files"
|
||||
for f in $FAST_STAGE_OPTIONAL; do
|
||||
echo "$CMD/tfvars/$f.auto.tfvars.json ./"
|
||||
done
|
||||
fi
|
||||
|
||||
echo
|
||||
|
||||
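Review bot: the three `[[ ! -z ${VAR+x} ]]` tests (`FAST_STAGE_PROVIDERS`, `FAST_STAGE_DEPS`, `FAST_STAGE_OPTIONAL`) are double negatives that shellcheck reports as SC2236; `[[ -n ${FAST_STAGE_DEPS+x} ]]` is equivalent and easier to read. The `for f in $FAST_STAGE_DEPS` loops rely on word splitting of values read from `.fast-stage.env`; a short comment saying the split is intentional would keep the next lint pass from quoting it and changing the behaviour.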
@@ -1,6 +1,6 @@
|
||||
# AlloyDB cluster and instance with read replicas
|
||||
|
||||
This module manages the creation of AlloyDB cluster and configuration with/without automated backup policy, Primary node instance and Read Node Pools.
|
||||
This module manages the creation of AlloyDB cluster and configuration with/without automated backup policy, Primary node instance and Read Node Pools.
|
||||
|
||||
|
||||
## Simple example
|
||||
|
||||
@@ -47,7 +47,7 @@ display_name: Group 1 # Group display name.
|
||||
description: Group 1 description # Group description.
|
||||
members: # List of group members.
|
||||
- user_1@example.com
|
||||
- user_2@example.com
|
||||
- user_2@example.com
|
||||
managers: # List of group managers.
|
||||
- manager_1@example.com
|
||||
```
|
||||
|
||||
@@ -23,4 +23,3 @@ variable "data_dir" {
|
||||
description = "Relative path for the folder storing configuration data."
|
||||
type = string
|
||||
}
|
||||
|
||||
|
||||