diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tf b/blueprints/gke/patterns/autopilot-cluster/versions.tf
index 857afffa3..593320531 100644
--- a/blueprints/gke/patterns/autopilot-cluster/versions.tf
+++ b/blueprints/gke/patterns/autopilot-cluster/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/autopilot-cluster/versions.tofu b/blueprints/gke/patterns/autopilot-cluster/versions.tofu
index 8182296bf..782f21e80 100644
--- a/blueprints/gke/patterns/autopilot-cluster/versions.tofu
+++ b/blueprints/gke/patterns/autopilot-cluster/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/batch/versions.tf b/blueprints/gke/patterns/batch/versions.tf
index cbbfa0105..26883b3dd 100644
--- a/blueprints/gke/patterns/batch/versions.tf
+++ b/blueprints/gke/patterns/batch/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/batch/versions.tofu b/blueprints/gke/patterns/batch/versions.tofu
index 1677d11ab..c4c445173 100644
--- a/blueprints/gke/patterns/batch/versions.tofu
+++ b/blueprints/gke/patterns/batch/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/kafka/versions.tf b/blueprints/gke/patterns/kafka/versions.tf
index 0b6a5d96e..cea399edf 100644
--- a/blueprints/gke/patterns/kafka/versions.tf
+++ b/blueprints/gke/patterns/kafka/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/kafka/versions.tofu b/blueprints/gke/patterns/kafka/versions.tofu
index db78ad119..2debda385 100644
--- a/blueprints/gke/patterns/kafka/versions.tofu
+++ b/blueprints/gke/patterns/kafka/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/kong-cloudrun/versions.tf b/blueprints/gke/patterns/kong-cloudrun/versions.tf
index 2965fa7d0..18fd2f1e7 100644
--- a/blueprints/gke/patterns/kong-cloudrun/versions.tf
+++ b/blueprints/gke/patterns/kong-cloudrun/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/kong-cloudrun/versions.tofu b/blueprints/gke/patterns/kong-cloudrun/versions.tofu
index e64e737dd..512db6cbd 100644
--- a/blueprints/gke/patterns/kong-cloudrun/versions.tofu
+++ b/blueprints/gke/patterns/kong-cloudrun/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/mysql/versions.tf b/blueprints/gke/patterns/mysql/versions.tf
index 5ab81df21..426831393 100644
--- a/blueprints/gke/patterns/mysql/versions.tf
+++ b/blueprints/gke/patterns/mysql/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/mysql/versions.tofu b/blueprints/gke/patterns/mysql/versions.tofu
index eecf6b226..f7e974c1d 100644
--- a/blueprints/gke/patterns/mysql/versions.tofu
+++ b/blueprints/gke/patterns/mysql/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/redis-cluster/versions.tf b/blueprints/gke/patterns/redis-cluster/versions.tf
index c4485f066..46031fe9e 100644
--- a/blueprints/gke/patterns/redis-cluster/versions.tf
+++ b/blueprints/gke/patterns/redis-cluster/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/gke/patterns/redis-cluster/versions.tofu b/blueprints/gke/patterns/redis-cluster/versions.tofu
index ca250cdb7..029363cef 100644
--- a/blueprints/gke/patterns/redis-cluster/versions.tofu
+++ b/blueprints/gke/patterns/redis-cluster/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/secops/secops-gke-forwarder/versions.tf b/blueprints/secops/secops-gke-forwarder/versions.tf
index b322a9fcc..5e6568712 100644
--- a/blueprints/secops/secops-gke-forwarder/versions.tf
+++ b/blueprints/secops/secops-gke-forwarder/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/secops/secops-gke-forwarder/versions.tofu b/blueprints/secops/secops-gke-forwarder/versions.tofu
index 639ee970f..ae926c7b4 100644
--- a/blueprints/secops/secops-gke-forwarder/versions.tofu
+++ b/blueprints/secops/secops-gke-forwarder/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/blueprints/third-party-solutions/gitlab/README.md b/blueprints/third-party-solutions/gitlab/README.md
index 6b9beb370..4889c43da 100644
--- a/blueprints/third-party-solutions/gitlab/README.md
+++ b/blueprints/third-party-solutions/gitlab/README.md
@@ -291,7 +291,7 @@ terraform output ssh_to_bastion
A gcloud command like the following should be available
-```bash
+```bash
gcloud compute ssh squid-vm --project ${project} --zone europe-west8-b -- -L 3128:127.0.0.1:3128 -N -q -f
```
@@ -317,7 +317,7 @@ gitlab-rake “gitlab:password:reset”
| [gitlab.tf](./gitlab.tf) | None | compute-vm · iam-service-account · net-lb-int | |
| [main.tf](./main.tf) | Module-level locals and resources. | project | |
| [outputs.tf](./outputs.tf) | Module outputs. | | |
-| [services.tf](./services.tf) | None | cloudsql-instance · gcs | google_redis_instance |
+| [services.tf](./services.tf) | None | artifact-registry · cloudsql-instance · gcs | google_redis_instance |
| [ssl.tf](./ssl.tf) | None | | tls_cert_request · tls_locally_signed_cert · tls_private_key · tls_self_signed_cert |
| [variables.tf](./variables.tf) | Module variables. | | |
@@ -325,7 +325,7 @@ gitlab-rake “gitlab:password:reset”
| name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:|
-| [gitlab_instance_config](variables.tf#L69) | Gitlab Compute Engine instance config. | object({…}) | ✓ | | |
+| [gitlab_instance_config](variables.tf#L69) | Gitlab Compute Engine instance config. | object({…}) | ✓ | | |
| [network_config](variables.tf#L89) | Shared VPC network configurations to use for Gitlab Runner VM. | object({…}) | ✓ | | |
| [prefix](variables.tf#L98) | Prefix used for resource names. | string | ✓ | | |
| [project_id](variables.tf#L117) | Project id, references existing project if `project_create` is null. | string | ✓ | | |
@@ -385,5 +385,5 @@ module "test" {
project_id = "my-project"
region = "europe-west8"
}
-# tftest modules=14 resources=58
+# tftest modules=15 resources=60
```
diff --git a/blueprints/third-party-solutions/gitlab/assets/cloud-config.yaml b/blueprints/third-party-solutions/gitlab/assets/cloud-config.yaml
index cfce725eb..1a920116a 100644
--- a/blueprints/third-party-solutions/gitlab/assets/cloud-config.yaml
+++ b/blueprints/third-party-solutions/gitlab/assets/cloud-config.yaml
@@ -92,7 +92,7 @@ write_files:
Wants=gitlab-data.service gcr-online.target docker.socket docker-events-collector.service
[Service]
Environment="HOME=/home/gitlab"
- ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
+ ExecStartPre=/usr/bin/docker-credential-gcr configure-docker --registries ${region}-docker.pkg.dev
ExecStartPre=mkdir -p /run/gitlab
ExecStart=/usr/bin/docker run --rm --name=gitlab \
--hostname ${gitlab_config.hostname} \
@@ -106,7 +106,7 @@ write_files:
-v /run/gitlab/logs:/var/log/gitlab \
-v /run/gitlab/data:/var/opt/gitlab \
-v /run/gitlab/sshd_config:/assets/sshd_config \
- gitlab/gitlab-ce
+ ${repo_url}/gitlab/gitlab-ce
ExecStop=/usr/bin/docker stop gitlab
runcmd:
diff --git a/blueprints/third-party-solutions/gitlab/gitlab.tf b/blueprints/third-party-solutions/gitlab/gitlab.tf
index 51d5121b2..65b897728 100644
--- a/blueprints/third-party-solutions/gitlab/gitlab.tf
+++ b/blueprints/third-party-solutions/gitlab/gitlab.tf
@@ -42,6 +42,8 @@ locals {
gitlab_cert_name = var.gitlab_config.hostname
gitlab_ssl_key = indent(6, base64encode(local.gitlab_ssl_key))
gitlab_ssl_crt = indent(6, base64encode(local.gitlab_ssl_crt))
+ region = var.region
+ repo_url = module.registry-remote.url
})
}
diff --git a/blueprints/third-party-solutions/gitlab/services.tf b/blueprints/third-party-solutions/gitlab/services.tf
index 54b09eb37..f33fda7b6 100644
--- a/blueprints/third-party-solutions/gitlab/services.tf
+++ b/blueprints/third-party-solutions/gitlab/services.tf
@@ -35,11 +35,10 @@ module "db" {
name = var.cloudsql_config.name
availability_type = var.gitlab_config.ha_required ? "REGIONAL" : "ZONAL"
network_config = {
- authorized_networks = {}
connectivity = {
- psa_configs = [{
+ psa_config = {
private_network = var.network_config.network_self_link
- }]
+ }
}
}
database_version = var.cloudsql_config.database_version
@@ -90,3 +89,20 @@ module "gitlab_object_storage" {
]
}
}
+
+module "registry-remote" {
+ source = "../../../modules/artifact-registry"
+ project_id = var.project_id
+ location = var.region
+ name = "remote"
+ format = {
+ docker = {
+ remote = {
+ public_repository = "DOCKER_HUB"
+ }
+ }
+ }
+ iam = {
+ "roles/artifactregistry.reader" = [module.gitlab-sa.iam_email]
+ }
+}
diff --git a/blueprints/third-party-solutions/gitlab/variables.tf b/blueprints/third-party-solutions/gitlab/variables.tf
index 7d6d24455..a1dab78d7 100644
--- a/blueprints/third-party-solutions/gitlab/variables.tf
+++ b/blueprints/third-party-solutions/gitlab/variables.tf
@@ -69,7 +69,7 @@ variable "gitlab_config" {
variable "gitlab_instance_config" {
description = "Gitlab Compute Engine instance config."
type = object({
- instance_type = optional(string, "n1-highcpu-8")
+ instance_type = optional(string, "n2-highcpu-8")
name = optional(string, "gitlab-0")
network_tags = optional(list(string), [])
replica_zone = optional(string)
diff --git a/default-versions.tf b/default-versions.tf
index 53005b10f..469fa2ddb 100644
--- a/default-versions.tf
+++ b/default-versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/default-versions.tofu b/default-versions.tofu
index 77fb28658..33635f966 100644
--- a/default-versions.tofu
+++ b/default-versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/fast/stages/1-vpcsc/README.md b/fast/stages/1-vpcsc/README.md
index 3e49627fd..c6bd06a90 100644
--- a/fast/stages/1-vpcsc/README.md
+++ b/fast/stages/1-vpcsc/README.md
@@ -305,13 +305,13 @@ Some references that might be useful in setting up this stage:
| [organization](variables-fast.tf#L35) | Organization details. | object({…}) | ✓ | | 0-bootstrap |
| [access_levels](variables.tf#L17) | Access level definitions. | map(object({…})) | | {} | |
| [access_policy](variables.tf#L67) | Access policy id (used for tenant-level VPC-SC configurations). | number | | null | |
-| [egress_policies](variables.tf#L73) | Egress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} | |
-| [factories_config](variables.tf#L115) | Paths to folders that enable factory functionality. | object({…}) | | {} | |
-| [ingress_policies](variables.tf#L132) | Ingress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} | |
+| [egress_policies](variables.tf#L73) | Egress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} | |
+| [factories_config](variables.tf#L116) | Paths to folders that enable factory functionality. | object({…}) | | {} | |
+| [ingress_policies](variables.tf#L133) | Ingress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} | |
| [logging](variables-fast.tf#L25) | Log writer identities for organization / folders. | object({…}) | | null | 0-bootstrap |
-| [outputs_location](variables.tf#L173) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | |
-| [perimeters](variables.tf#L179) | Perimeter definitions. | map(object({…})) | | {} | |
-| [resource_discovery](variables.tf#L212) | Automatic discovery of perimeter projects. | object({…}) | | {} | |
+| [outputs_location](variables.tf#L175) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | string | | null | |
+| [perimeters](variables.tf#L181) | Perimeter definitions. | map(object({…})) | | {} | |
+| [resource_discovery](variables.tf#L214) | Automatic discovery of perimeter projects. | object({…}) | | {} | |
| [root_node](variables-fast.tf#L45) | Root node for the hierarchy, if running in tenant mode. | string | | null | 0-bootstrap |
## Outputs
diff --git a/fast/stages/1-vpcsc/variables.tf b/fast/stages/1-vpcsc/variables.tf
index da6a7fe14..01e6cb88c 100644
--- a/fast/stages/1-vpcsc/variables.tf
+++ b/fast/stages/1-vpcsc/variables.tf
@@ -88,6 +88,7 @@ variable "egress_policies" {
service_name = string
})), [])
resources = optional(list(string))
+ roles = optional(list(string))
})
}))
default = {}
@@ -146,6 +147,7 @@ variable "ingress_policies" {
service_name = string
})), [])
resources = optional(list(string))
+ roles = optional(list(string))
})
}))
default = {}
diff --git a/fast/stages/3-gke-dev/README.md b/fast/stages/3-gke-dev/README.md
index 1d642b885..08f2db7da 100644
--- a/fast/stages/3-gke-dev/README.md
+++ b/fast/stages/3-gke-dev/README.md
@@ -230,18 +230,18 @@ Clusters can then be configured for fleet registration and one of the config man
| [billing_account](variables-fast.tf#L17) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
| [environments](variables-fast.tf#L25) | Long environment names. | object({…}) | ✓ | | 1-resman |
| [prefix](variables-fast.tf#L51) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string | ✓ | | 0-bootstrap |
-| [clusters](variables.tf#L17) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | |
-| [deletion_protection](variables.tf#L97) | Prevent Terraform from destroying data resources. | bool | | false | |
+| [clusters](variables.tf#L17) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | |
+| [deletion_protection](variables.tf#L98) | Prevent Terraform from destroying data resources. | bool | | false | |
| [fleet_config](variables-fleet.tf#L19) | Fleet configuration. | object({…}) | | null | |
| [fleet_configmanagement_templates](variables-fleet.tf#L35) | Sets of fleet configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} | |
| [folder_ids](variables-fast.tf#L35) | Folder name => id mappings. | map(string) | | {} | 1-resman |
| [host_project_ids](variables-fast.tf#L43) | Shared VPC host project name => id mappings. | map(string) | | {} | 2-networking |
-| [iam](variables.tf#L104) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | |
-| [iam_by_principals](variables.tf#L111) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | |
-| [nodepools](variables.tf#L118) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | |
-| [stage_config](variables.tf#L151) | FAST stage configuration used to find resource ids. Must match name defined for the stage in resource management. | object({…}) | | {…} | |
+| [iam](variables.tf#L105) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | |
+| [iam_by_principals](variables.tf#L112) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | |
+| [nodepools](variables.tf#L119) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | |
+| [stage_config](variables.tf#L152) | FAST stage configuration used to find resource ids. Must match name defined for the stage in resource management. | object({…}) | | {…} | |
| [subnet_self_links](variables-fast.tf#L61) | Subnet VPC name => { name => self link } mappings. | map(map(string)) | | {} | 2-networking |
-| [vpc_config](variables.tf#L163) | VPC-level configuration for project and clusters. | object({…}) | | {…} | |
+| [vpc_config](variables.tf#L164) | VPC-level configuration for project and clusters. | object({…}) | | {…} | |
| [vpc_self_links](variables-fast.tf#L69) | Shared VPC name => self link mappings. | map(string) | | {} | 2-networking |
## Outputs
diff --git a/fast/stages/3-gke-dev/variables.tf b/fast/stages/3-gke-dev/variables.tf
index a7189ebe9..ea24944d2 100644
--- a/fast/stages/3-gke-dev/variables.tf
+++ b/fast/stages/3-gke-dev/variables.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2024 Google LLC
+ * Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,13 +20,14 @@ variable "clusters" {
access_config = optional(object({
dns_access = optional(bool, true)
ip_access = optional(object({
- authorized_ranges = optional(map(string), {})
- disable_public_endpoint = optional(bool, true)
+ authorized_ranges = optional(map(string), {})
+ disable_public_endpoint = optional(bool, true)
+ gcp_public_cidrs_access_enabled = optional(bool, false)
private_endpoint_config = optional(object({
endpoint_subnetwork = optional(string)
global_access = optional(bool, true)
}), {})
- }), {})
+ }))
private_nodes = optional(bool, true)
}), {})
cluster_autoscaling = optional(any)
diff --git a/modules/__experimental_deprecated/alloydb-instance/versions.tf b/modules/__experimental_deprecated/alloydb-instance/versions.tf
index 88955dbb2..38210cc80 100644
--- a/modules/__experimental_deprecated/alloydb-instance/versions.tf
+++ b/modules/__experimental_deprecated/alloydb-instance/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/__experimental_deprecated/alloydb-instance/versions.tofu b/modules/__experimental_deprecated/alloydb-instance/versions.tofu
index 4cbbee2a5..dd62d9d7c 100644
--- a/modules/__experimental_deprecated/alloydb-instance/versions.tofu
+++ b/modules/__experimental_deprecated/alloydb-instance/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/__experimental_deprecated/net-neg/versions.tf b/modules/__experimental_deprecated/net-neg/versions.tf
index f9cc49cb5..c7f786232 100644
--- a/modules/__experimental_deprecated/net-neg/versions.tf
+++ b/modules/__experimental_deprecated/net-neg/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/__experimental_deprecated/net-neg/versions.tofu b/modules/__experimental_deprecated/net-neg/versions.tofu
index f7c8dea7c..8cbdd9c42 100644
--- a/modules/__experimental_deprecated/net-neg/versions.tofu
+++ b/modules/__experimental_deprecated/net-neg/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/__experimental_deprecated/project-iam-magic/versions.tf b/modules/__experimental_deprecated/project-iam-magic/versions.tf
index b1606bc74..27df7ffdc 100644
--- a/modules/__experimental_deprecated/project-iam-magic/versions.tf
+++ b/modules/__experimental_deprecated/project-iam-magic/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/__experimental_deprecated/project-iam-magic/versions.tofu b/modules/__experimental_deprecated/project-iam-magic/versions.tofu
index 49515f163..286c294af 100644
--- a/modules/__experimental_deprecated/project-iam-magic/versions.tofu
+++ b/modules/__experimental_deprecated/project-iam-magic/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/alloydb/versions.tf b/modules/alloydb/versions.tf
index 75a8bcd93..c703a60c2 100644
--- a/modules/alloydb/versions.tf
+++ b/modules/alloydb/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/alloydb/versions.tofu b/modules/alloydb/versions.tofu
index efe0db477..d0784715b 100644
--- a/modules/alloydb/versions.tofu
+++ b/modules/alloydb/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/analytics-hub/versions.tf b/modules/analytics-hub/versions.tf
index f15f8d29b..55b1b1139 100644
--- a/modules/analytics-hub/versions.tf
+++ b/modules/analytics-hub/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/analytics-hub/versions.tofu b/modules/analytics-hub/versions.tofu
index 30f0d1a39..8e5d3a74f 100644
--- a/modules/analytics-hub/versions.tofu
+++ b/modules/analytics-hub/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/api-gateway/versions.tf b/modules/api-gateway/versions.tf
index 1ea314d9c..7f4dc3ea0 100644
--- a/modules/api-gateway/versions.tf
+++ b/modules/api-gateway/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/api-gateway/versions.tofu b/modules/api-gateway/versions.tofu
index 982ec71bc..983fd8fe4 100644
--- a/modules/api-gateway/versions.tofu
+++ b/modules/api-gateway/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/apigee/versions.tf b/modules/apigee/versions.tf
index 4126faa48..9e9a89095 100644
--- a/modules/apigee/versions.tf
+++ b/modules/apigee/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/apigee/versions.tofu b/modules/apigee/versions.tofu
index 4beddf327..99e3d32a3 100644
--- a/modules/apigee/versions.tofu
+++ b/modules/apigee/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/artifact-registry/versions.tf b/modules/artifact-registry/versions.tf
index 93ba0cde1..834c07c95 100644
--- a/modules/artifact-registry/versions.tf
+++ b/modules/artifact-registry/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/artifact-registry/versions.tofu b/modules/artifact-registry/versions.tofu
index 52bb79990..08d4d82f3 100644
--- a/modules/artifact-registry/versions.tofu
+++ b/modules/artifact-registry/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/bigquery-dataset/versions.tf b/modules/bigquery-dataset/versions.tf
index 994d90749..af1bf77cd 100644
--- a/modules/bigquery-dataset/versions.tf
+++ b/modules/bigquery-dataset/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/bigquery-dataset/versions.tofu b/modules/bigquery-dataset/versions.tofu
index d7db4add6..2d5d1a52d 100644
--- a/modules/bigquery-dataset/versions.tofu
+++ b/modules/bigquery-dataset/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/bigtable-instance/versions.tf b/modules/bigtable-instance/versions.tf
index aa52a4c5e..2c8099d8d 100644
--- a/modules/bigtable-instance/versions.tf
+++ b/modules/bigtable-instance/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/bigtable-instance/versions.tofu b/modules/bigtable-instance/versions.tofu
index 46fed25c4..1673c0ea9 100644
--- a/modules/bigtable-instance/versions.tofu
+++ b/modules/bigtable-instance/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/billing-account/versions.tf b/modules/billing-account/versions.tf
index 8a16bf069..b6ecdc5a9 100644
--- a/modules/billing-account/versions.tf
+++ b/modules/billing-account/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/billing-account/versions.tofu b/modules/billing-account/versions.tofu
index d007afb50..5a8255af9 100644
--- a/modules/billing-account/versions.tofu
+++ b/modules/billing-account/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/binauthz/versions.tf b/modules/binauthz/versions.tf
index 870ddc624..69a525e98 100644
--- a/modules/binauthz/versions.tf
+++ b/modules/binauthz/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/binauthz/versions.tofu b/modules/binauthz/versions.tofu
index c9582d01c..00881f27e 100644
--- a/modules/binauthz/versions.tofu
+++ b/modules/binauthz/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/certificate-authority-service/versions.tf b/modules/certificate-authority-service/versions.tf
index 8d83cb43e..afe04e61f 100644
--- a/modules/certificate-authority-service/versions.tf
+++ b/modules/certificate-authority-service/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/certificate-authority-service/versions.tofu b/modules/certificate-authority-service/versions.tofu
index 37fe4ef91..e9cbe1087 100644
--- a/modules/certificate-authority-service/versions.tofu
+++ b/modules/certificate-authority-service/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/certificate-manager/versions.tf b/modules/certificate-manager/versions.tf
index ea5c9c445..916b0cafd 100644
--- a/modules/certificate-manager/versions.tf
+++ b/modules/certificate-manager/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/certificate-manager/versions.tofu b/modules/certificate-manager/versions.tofu
index b65758281..ec429044f 100644
--- a/modules/certificate-manager/versions.tofu
+++ b/modules/certificate-manager/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
index f50721d6d..26f085ad4 100644
--- a/modules/cloud-config-container/__need_fixing/onprem/versions.tf
+++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/__need_fixing/onprem/versions.tofu b/modules/cloud-config-container/__need_fixing/onprem/versions.tofu
index c3f2b9a0d..73bcc8244 100644
--- a/modules/cloud-config-container/__need_fixing/onprem/versions.tofu
+++ b/modules/cloud-config-container/__need_fixing/onprem/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/__need_fixing/squid/versions.tf b/modules/cloud-config-container/__need_fixing/squid/versions.tf
index 002d2b893..228eb068b 100644
--- a/modules/cloud-config-container/__need_fixing/squid/versions.tf
+++ b/modules/cloud-config-container/__need_fixing/squid/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/__need_fixing/squid/versions.tofu b/modules/cloud-config-container/__need_fixing/squid/versions.tofu
index ed1fd1108..54dbbe4fe 100644
--- a/modules/cloud-config-container/__need_fixing/squid/versions.tofu
+++ b/modules/cloud-config-container/__need_fixing/squid/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/bindplane/versions.tf b/modules/cloud-config-container/bindplane/versions.tf
index 4fd5c256f..53ff818a6 100644
--- a/modules/cloud-config-container/bindplane/versions.tf
+++ b/modules/cloud-config-container/bindplane/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/bindplane/versions.tofu b/modules/cloud-config-container/bindplane/versions.tofu
index 97b110795..4aca9beca 100644
--- a/modules/cloud-config-container/bindplane/versions.tofu
+++ b/modules/cloud-config-container/bindplane/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/coredns/versions.tf b/modules/cloud-config-container/coredns/versions.tf
index df61fddd3..a8cc198cb 100644
--- a/modules/cloud-config-container/coredns/versions.tf
+++ b/modules/cloud-config-container/coredns/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/coredns/versions.tofu b/modules/cloud-config-container/coredns/versions.tofu
index 71e0a4e36..74a7da800 100644
--- a/modules/cloud-config-container/coredns/versions.tofu
+++ b/modules/cloud-config-container/coredns/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tf b/modules/cloud-config-container/cos-generic-metadata/versions.tf
index 0617e9d98..b8f262e93 100644
--- a/modules/cloud-config-container/cos-generic-metadata/versions.tf
+++ b/modules/cloud-config-container/cos-generic-metadata/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/cos-generic-metadata/versions.tofu b/modules/cloud-config-container/cos-generic-metadata/versions.tofu
index 150bd9bdb..a30ae75ef 100644
--- a/modules/cloud-config-container/cos-generic-metadata/versions.tofu
+++ b/modules/cloud-config-container/cos-generic-metadata/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
index d0c8daa99..133a035e0 100644
--- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
+++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tofu b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tofu
index e702f947a..325663dd3 100644
--- a/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tofu
+++ b/modules/cloud-config-container/envoy-sni-dyn-fwd-proxy/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tf b/modules/cloud-config-container/envoy-traffic-director/versions.tf
index 0c09a385d..c8b388957 100644
--- a/modules/cloud-config-container/envoy-traffic-director/versions.tf
+++ b/modules/cloud-config-container/envoy-traffic-director/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/envoy-traffic-director/versions.tofu b/modules/cloud-config-container/envoy-traffic-director/versions.tofu
index 874b751aa..f165f9c93 100644
--- a/modules/cloud-config-container/envoy-traffic-director/versions.tofu
+++ b/modules/cloud-config-container/envoy-traffic-director/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/mysql/versions.tf b/modules/cloud-config-container/mysql/versions.tf
index 82b03aaff..fed3052e8 100644
--- a/modules/cloud-config-container/mysql/versions.tf
+++ b/modules/cloud-config-container/mysql/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/mysql/versions.tofu b/modules/cloud-config-container/mysql/versions.tofu
index 5420730d7..8bc352638 100644
--- a/modules/cloud-config-container/mysql/versions.tofu
+++ b/modules/cloud-config-container/mysql/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/nginx-tls/versions.tf b/modules/cloud-config-container/nginx-tls/versions.tf
index 41dd2ed68..201b4b497 100644
--- a/modules/cloud-config-container/nginx-tls/versions.tf
+++ b/modules/cloud-config-container/nginx-tls/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/nginx-tls/versions.tofu b/modules/cloud-config-container/nginx-tls/versions.tofu
index 6f438aa07..6428312fc 100644
--- a/modules/cloud-config-container/nginx-tls/versions.tofu
+++ b/modules/cloud-config-container/nginx-tls/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/nginx/versions.tf b/modules/cloud-config-container/nginx/versions.tf
index 86a8edcd4..1182a6785 100644
--- a/modules/cloud-config-container/nginx/versions.tf
+++ b/modules/cloud-config-container/nginx/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/nginx/versions.tofu b/modules/cloud-config-container/nginx/versions.tofu
index 57a29c380..feb77313f 100644
--- a/modules/cloud-config-container/nginx/versions.tofu
+++ b/modules/cloud-config-container/nginx/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/simple-nva/versions.tf b/modules/cloud-config-container/simple-nva/versions.tf
index 831b2ae03..cf450b4f6 100644
--- a/modules/cloud-config-container/simple-nva/versions.tf
+++ b/modules/cloud-config-container/simple-nva/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-config-container/simple-nva/versions.tofu b/modules/cloud-config-container/simple-nva/versions.tofu
index 7c8228990..54cf2f301 100644
--- a/modules/cloud-config-container/simple-nva/versions.tofu
+++ b/modules/cloud-config-container/simple-nva/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-function-v1/versions.tf b/modules/cloud-function-v1/versions.tf
index 8a6f1b650..2610a4ff9 100644
--- a/modules/cloud-function-v1/versions.tf
+++ b/modules/cloud-function-v1/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-function-v1/versions.tofu b/modules/cloud-function-v1/versions.tofu
index 76da0d1f8..196a6a931 100644
--- a/modules/cloud-function-v1/versions.tofu
+++ b/modules/cloud-function-v1/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-function-v2/versions.tf b/modules/cloud-function-v2/versions.tf
index 9012ad6b8..0625fc7d0 100644
--- a/modules/cloud-function-v2/versions.tf
+++ b/modules/cloud-function-v2/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-function-v2/versions.tofu b/modules/cloud-function-v2/versions.tofu
index 04bf200b9..0073426e6 100644
--- a/modules/cloud-function-v2/versions.tofu
+++ b/modules/cloud-function-v2/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-identity-group/versions.tf b/modules/cloud-identity-group/versions.tf
index 11c33f040..b4dfcf10f 100644
--- a/modules/cloud-identity-group/versions.tf
+++ b/modules/cloud-identity-group/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-identity-group/versions.tofu b/modules/cloud-identity-group/versions.tofu
index 4418a129a..5e2958c14 100644
--- a/modules/cloud-identity-group/versions.tofu
+++ b/modules/cloud-identity-group/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-run-v2/README.md b/modules/cloud-run-v2/README.md
index 4c863a525..d4b0825dc 100644
--- a/modules/cloud-run-v2/README.md
+++ b/modules/cloud-run-v2/README.md
@@ -14,6 +14,7 @@ Cloud Run Services and Jobs, with support for IAM roles and Eventarc trigger cre
- [PubSub](#pubsub)
- [Audit logs](#audit-logs)
- [Using custom service accounts for triggers](#using-custom-service-accounts-for-triggers)
+- [Cloud Run Invoker IAM Disable](#cloud-run-invoker-iam-disable)
- [Cloud Run Service Account](#cloud-run-service-account)
- [Creating Cloud Run Jobs](#creating-cloud-run-jobs)
- [Tag bindings](#tag-bindings)
@@ -417,6 +418,27 @@ module "cloud_run" {
# tftest modules=2 resources=6 fixtures=fixtures/pubsub.tf inventory=service-eventarc-pubsub-sa-create.yaml e2e
```
+## Cloud Run Invoker IAM Disable
+
+To disables IAM permission check for `run.routes.invoke` for callers of this service set the `invoker_iam_disabled` variable of the module to `true` (default `false`). There should be no requirement to pass the `roles/run.invoker` to the IAM block to enable public access. This allows for the org policy `domain restricted sharing` org policy remain enabled.
+
+```hcl
+module "cloud_run" {
+ source = "./fabric/modules/cloud-run-v2"
+ project_id = var.project_id
+ region = var.region
+ name = "hello"
+ containers = {
+ hello = {
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ }
+ }
+ invoker_iam_disabled = true
+ deletion_protection = false
+}
+# tftest modules=1 resources=1 inventory=service-invoker-iam-disable.yaml e2e
+```
+
## Cloud Run Service Account
To use a custom service account managed by the module, set `service_account_create` to `true` and leave `service_account` set to `null` (default).
@@ -544,9 +566,9 @@ module "cloud_run" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [name](variables.tf#L165) | Name used for Cloud Run service. | string | ✓ | |
-| [project_id](variables.tf#L180) | Project id used for all resources. | string | ✓ | |
-| [region](variables.tf#L185) | Region used for all resources. | string | ✓ | |
+| [name](variables.tf#L171) | Name used for Cloud Run service. | string | ✓ | |
+| [project_id](variables.tf#L186) | Project id used for all resources. | string | ✓ | |
+| [region](variables.tf#L191) | Region used for all resources. | string | ✓ | |
| [containers](variables.tf#L17) | Containers in name => attributes format. | map(object({…})) | | {} |
| [create_job](variables.tf#L77) | Create Cloud Run Job instead of Service. | bool | | false |
| [custom_audiences](variables.tf#L83) | Custom audiences for service. | list(string) | | null |
@@ -555,14 +577,15 @@ module "cloud_run" {
| [eventarc_triggers](variables.tf#L101) | Event arc triggers for different sources. | object({…}) | | {} |
| [iam](variables.tf#L119) | IAM bindings for Cloud Run service in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| [ingress](variables.tf#L125) | Ingress settings. | string | | null |
-| [labels](variables.tf#L142) | Resource labels. | map(string) | | {} |
-| [launch_stage](variables.tf#L148) | The launch stage as defined by Google Cloud Platform Launch Stages. | string | | null |
-| [prefix](variables.tf#L170) | Optional prefix used for resource names. | string | | null |
-| [revision](variables.tf#L190) | Revision template configurations. | object({…}) | | {} |
-| [service_account](variables.tf#L228) | Service account email. Unused if service account is auto-created. | string | | null |
-| [service_account_create](variables.tf#L234) | Auto-create service account. | bool | | false |
-| [tag_bindings](variables.tf#L240) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} |
-| [volumes](variables.tf#L247) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} |
+| [invoker_iam_disabled](variables.tf#L142) | Disables IAM permission check for run.routes.invoke for callers of this service. | bool | | false |
+| [labels](variables.tf#L148) | Resource labels. | map(string) | | {} |
+| [launch_stage](variables.tf#L154) | The launch stage as defined by Google Cloud Platform Launch Stages. | string | | null |
+| [prefix](variables.tf#L176) | Optional prefix used for resource names. | string | | null |
+| [revision](variables.tf#L196) | Revision template configurations. | object({…}) | | {} |
+| [service_account](variables.tf#L234) | Service account email. Unused if service account is auto-created. | string | | null |
+| [service_account_create](variables.tf#L240) | Auto-create service account. | bool | | false |
+| [tag_bindings](variables.tf#L246) | Tag bindings for this service, in key => tag value id format. | map(string) | | {} |
+| [volumes](variables.tf#L253) | Named volumes in containers in name => attributes format. | map(object({…})) | | {} |
| [vpc_connector_create](variables-vpcconnector.tf#L17) | Populate this to create a Serverless VPC Access connector. | object({…}) | | null |
## Outputs
diff --git a/modules/cloud-run-v2/service.tf b/modules/cloud-run-v2/service.tf
index 8df793740..f0f927ffe 100644
--- a/modules/cloud-run-v2/service.tf
+++ b/modules/cloud-run-v2/service.tf
@@ -15,15 +15,16 @@
*/
resource "google_cloud_run_v2_service" "service" {
- count = var.create_job ? 0 : 1
- provider = google-beta
- project = var.project_id
- location = var.region
- name = "${local.prefix}${var.name}"
- ingress = var.ingress
- labels = var.labels
- launch_stage = var.launch_stage
- custom_audiences = var.custom_audiences
+ count = var.create_job ? 0 : 1
+ provider = google-beta
+ project = var.project_id
+ location = var.region
+ name = "${local.prefix}${var.name}"
+ ingress = var.ingress
+ invoker_iam_disabled = var.invoker_iam_disabled
+ labels = var.labels
+ launch_stage = var.launch_stage
+ custom_audiences = var.custom_audiences
template {
encryption_key = var.encryption_key
diff --git a/modules/cloud-run-v2/variables.tf b/modules/cloud-run-v2/variables.tf
index 951ad84c1..7185395b0 100644
--- a/modules/cloud-run-v2/variables.tf
+++ b/modules/cloud-run-v2/variables.tf
@@ -139,6 +139,12 @@ variable "ingress" {
}
}
+variable "invoker_iam_disabled" {
+ description = "Disables IAM permission check for run.routes.invoke for callers of this service."
+ type = bool
+ default = false
+}
+
variable "labels" {
description = "Resource labels."
type = map(string)
diff --git a/modules/cloud-run-v2/versions.tf b/modules/cloud-run-v2/versions.tf
index 35eeb2ea0..c0156efe1 100644
--- a/modules/cloud-run-v2/versions.tf
+++ b/modules/cloud-run-v2/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-run-v2/versions.tofu b/modules/cloud-run-v2/versions.tofu
index c21739870..64bdb7e44 100644
--- a/modules/cloud-run-v2/versions.tofu
+++ b/modules/cloud-run-v2/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-run/versions.tf b/modules/cloud-run/versions.tf
index 59608375b..34191cb8d 100644
--- a/modules/cloud-run/versions.tf
+++ b/modules/cloud-run/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloud-run/versions.tofu b/modules/cloud-run/versions.tofu
index b37fc9efc..7d5e153d2 100644
--- a/modules/cloud-run/versions.tofu
+++ b/modules/cloud-run/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloudsql-instance/versions.tf b/modules/cloudsql-instance/versions.tf
index 202793a00..4e87568f2 100644
--- a/modules/cloudsql-instance/versions.tf
+++ b/modules/cloudsql-instance/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/cloudsql-instance/versions.tofu b/modules/cloudsql-instance/versions.tofu
index 75f4e4f14..847263eec 100644
--- a/modules/cloudsql-instance/versions.tofu
+++ b/modules/cloudsql-instance/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/compute-mig/versions.tf b/modules/compute-mig/versions.tf
index 3357ce995..4f8d4b9a8 100644
--- a/modules/compute-mig/versions.tf
+++ b/modules/compute-mig/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/compute-mig/versions.tofu b/modules/compute-mig/versions.tofu
index 82fa74eb0..048340224 100644
--- a/modules/compute-mig/versions.tofu
+++ b/modules/compute-mig/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/compute-vm/versions.tf b/modules/compute-vm/versions.tf
index 08021d887..4bf67f1e3 100644
--- a/modules/compute-vm/versions.tf
+++ b/modules/compute-vm/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/compute-vm/versions.tofu b/modules/compute-vm/versions.tofu
index 12ee09346..e7f62a9e2 100644
--- a/modules/compute-vm/versions.tofu
+++ b/modules/compute-vm/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/container-registry/versions.tf b/modules/container-registry/versions.tf
index 611a6fee6..418b3ba80 100644
--- a/modules/container-registry/versions.tf
+++ b/modules/container-registry/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/container-registry/versions.tofu b/modules/container-registry/versions.tofu
index cc359909e..f6caa155f 100644
--- a/modules/container-registry/versions.tofu
+++ b/modules/container-registry/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/data-catalog-policy-tag/versions.tf b/modules/data-catalog-policy-tag/versions.tf
index 96d2a97e7..99d75814e 100644
--- a/modules/data-catalog-policy-tag/versions.tf
+++ b/modules/data-catalog-policy-tag/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/data-catalog-policy-tag/versions.tofu b/modules/data-catalog-policy-tag/versions.tofu
index 5571a80d4..79b741e18 100644
--- a/modules/data-catalog-policy-tag/versions.tofu
+++ b/modules/data-catalog-policy-tag/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/data-catalog-tag-template/versions.tf b/modules/data-catalog-tag-template/versions.tf
index bf9bbe27f..20f4a30f9 100644
--- a/modules/data-catalog-tag-template/versions.tf
+++ b/modules/data-catalog-tag-template/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/data-catalog-tag-template/versions.tofu b/modules/data-catalog-tag-template/versions.tofu
index e0cfd65cb..4ef23e409 100644
--- a/modules/data-catalog-tag-template/versions.tofu
+++ b/modules/data-catalog-tag-template/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/data-catalog-tag/versions.tf b/modules/data-catalog-tag/versions.tf
index 6752992b4..568f6eb46 100644
--- a/modules/data-catalog-tag/versions.tf
+++ b/modules/data-catalog-tag/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/data-catalog-tag/versions.tofu b/modules/data-catalog-tag/versions.tofu
index a23502829..0fe134ee9 100644
--- a/modules/data-catalog-tag/versions.tofu
+++ b/modules/data-catalog-tag/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataform-repository/versions.tf b/modules/dataform-repository/versions.tf
index f1c0e00b8..16dced151 100644
--- a/modules/dataform-repository/versions.tf
+++ b/modules/dataform-repository/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataform-repository/versions.tofu b/modules/dataform-repository/versions.tofu
index c87eb63fe..3b9c0aebd 100644
--- a/modules/dataform-repository/versions.tofu
+++ b/modules/dataform-repository/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/datafusion/versions.tf b/modules/datafusion/versions.tf
index c415174fb..a25893fe4 100644
--- a/modules/datafusion/versions.tf
+++ b/modules/datafusion/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/datafusion/versions.tofu b/modules/datafusion/versions.tofu
index 60e492d5c..b12d50063 100644
--- a/modules/datafusion/versions.tofu
+++ b/modules/datafusion/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataplex-datascan/versions.tf b/modules/dataplex-datascan/versions.tf
index 72147e417..53d3e4a33 100644
--- a/modules/dataplex-datascan/versions.tf
+++ b/modules/dataplex-datascan/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataplex-datascan/versions.tofu b/modules/dataplex-datascan/versions.tofu
index 6b9e44997..4b6c6e7f1 100644
--- a/modules/dataplex-datascan/versions.tofu
+++ b/modules/dataplex-datascan/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataplex/versions.tf b/modules/dataplex/versions.tf
index 5919654a6..134a5776d 100644
--- a/modules/dataplex/versions.tf
+++ b/modules/dataplex/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataplex/versions.tofu b/modules/dataplex/versions.tofu
index fa363036f..e5128f1e5 100644
--- a/modules/dataplex/versions.tofu
+++ b/modules/dataplex/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataproc/versions.tf b/modules/dataproc/versions.tf
index 5991fcd46..caebef6c0 100644
--- a/modules/dataproc/versions.tf
+++ b/modules/dataproc/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dataproc/versions.tofu b/modules/dataproc/versions.tofu
index 46441f1f3..029f2547e 100644
--- a/modules/dataproc/versions.tofu
+++ b/modules/dataproc/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dns-response-policy/versions.tf b/modules/dns-response-policy/versions.tf
index 8656563f6..f9fe465e9 100644
--- a/modules/dns-response-policy/versions.tf
+++ b/modules/dns-response-policy/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dns-response-policy/versions.tofu b/modules/dns-response-policy/versions.tofu
index afc67cf60..9e0c1811e 100644
--- a/modules/dns-response-policy/versions.tofu
+++ b/modules/dns-response-policy/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dns/versions.tf b/modules/dns/versions.tf
index f022d5eea..9511eada0 100644
--- a/modules/dns/versions.tf
+++ b/modules/dns/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/dns/versions.tofu b/modules/dns/versions.tofu
index 9fa279e2c..0f9e1895b 100644
--- a/modules/dns/versions.tofu
+++ b/modules/dns/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/endpoints/versions.tf b/modules/endpoints/versions.tf
index f13ef00ab..4cd4fc854 100644
--- a/modules/endpoints/versions.tf
+++ b/modules/endpoints/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/endpoints/versions.tofu b/modules/endpoints/versions.tofu
index 406157fc6..4fec6cbd9 100644
--- a/modules/endpoints/versions.tofu
+++ b/modules/endpoints/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/firestore/versions.tf b/modules/firestore/versions.tf
index 3066b1ce2..8752d4661 100644
--- a/modules/firestore/versions.tf
+++ b/modules/firestore/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/firestore/versions.tofu b/modules/firestore/versions.tofu
index a3d168bcb..126cbac3a 100644
--- a/modules/firestore/versions.tofu
+++ b/modules/firestore/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/folder/versions.tf b/modules/folder/versions.tf
index 7f35226ef..9a4970e2c 100644
--- a/modules/folder/versions.tf
+++ b/modules/folder/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/folder/versions.tofu b/modules/folder/versions.tofu
index e3e2a373c..1a0abf784 100644
--- a/modules/folder/versions.tofu
+++ b/modules/folder/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gcs/versions.tf b/modules/gcs/versions.tf
index 036edd38f..5f1699eb7 100644
--- a/modules/gcs/versions.tf
+++ b/modules/gcs/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gcs/versions.tofu b/modules/gcs/versions.tofu
index 67344153c..2df7f71fa 100644
--- a/modules/gcs/versions.tofu
+++ b/modules/gcs/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gcve-private-cloud/versions.tf b/modules/gcve-private-cloud/versions.tf
index 2370e7fde..7241745d3 100644
--- a/modules/gcve-private-cloud/versions.tf
+++ b/modules/gcve-private-cloud/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gcve-private-cloud/versions.tofu b/modules/gcve-private-cloud/versions.tofu
index 68311e000..3cffc1552 100644
--- a/modules/gcve-private-cloud/versions.tofu
+++ b/modules/gcve-private-cloud/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-cluster-autopilot/README.md b/modules/gke-cluster-autopilot/README.md
index 5fb61ee9b..b9a2ebeb7 100644
--- a/modules/gke-cluster-autopilot/README.md
+++ b/modules/gke-cluster-autopilot/README.md
@@ -8,6 +8,8 @@ This module offers a way to create and manage Google Kubernetes Engine (GKE) [Au
- [Logging configuration](#logging-configuration)
- [Monitoring configuration](#monitoring-configuration)
- [Backup for GKE](#backup-for-gke)
+ - [Allowing access from Google Cloud services](#allowing-access-from-google-cloud-services)
+ - [Disable PSC endpoint creation](#disable-psc-endpoint-creation)
- [Variables](#variables)
- [Outputs](#outputs)
@@ -200,30 +202,91 @@ module "cluster-1" {
}
# tftest modules=1 resources=2 inventory=backup.yaml
```
+
+### Allowing access from Google Cloud services
+
+To allow access to your cluster from Google Cloud services (like Cloud Shell, Cloud Build, etc.) without needing to manually specify all Google Cloud IP ranges, you can use the `gcp_public_cidrs_access_enabled` parameter:
+
+```hcl
+module "cluster-1" {
+ source = "./fabric/modules/gke-cluster-autopilot"
+ project_id = "myproject"
+ name = "cluster-1"
+ location = "europe-west1"
+ access_config = {
+ ip_access = {
+ gcp_public_cidrs_access_enabled = true
+ authorized_ranges = {
+ internal-vms = "10.0.0.0/8"
+ }
+ }
+ }
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {
+ pods = "pods"
+ services = "services"
+ }
+ }
+ labels = {
+ environment = "dev"
+ }
+}
+# tftest modules=1 resources=1 inventory=access-google.yaml
+```
+
+### Disable PSC endpoint creation
+
+To disable IP access to the GKE control plane and prevent PSC endpoint creation, set `var.access_config.ip_access` to `null` or omit the variable.
+
+```hcl
+module "cluster-1" {
+ source = "./fabric/modules/gke-cluster-autopilot"
+ project_id = "myproject"
+ name = "cluster-1"
+ location = "europe-west1"
+ access_config = {
+ dns_access = true
+ }
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {
+ pods = "pods"
+ services = "services"
+ }
+ }
+ labels = {
+ environment = "dev"
+ }
+}
+# tftest modules=1 resources=1 inventory=no-ip-access.yaml
+```
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L144) | Autopilot clusters are always regional. | string | ✓ | |
-| [name](variables.tf#L223) | Cluster name. | string | ✓ | |
-| [project_id](variables.tf#L254) | Cluster project ID. | string | ✓ | |
-| [vpc_config](variables.tf#L270) | VPC-level configuration. | object({…}) | ✓ | |
-| [access_config](variables.tf#L17) | Control plane endpoint and nodes access configurations. | object({…}) | | {} |
-| [backup_configs](variables.tf#L42) | Configuration for Backup for GKE. | object({…}) | | {} |
-| [deletion_protection](variables.tf#L63) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | bool | | true |
-| [description](variables.tf#L70) | Cluster description. | string | | null |
-| [enable_addons](variables.tf#L76) | Addons enabled in the cluster (true means enabled). | object({…}) | | {} |
-| [enable_features](variables.tf#L90) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {} |
-| [issue_client_certificate](variables.tf#L132) | Enable issuing client certificate. | bool | | false |
-| [labels](variables.tf#L138) | Cluster resource labels. | map(string) | | null |
-| [logging_config](variables.tf#L149) | Logging configuration. | object({…}) | | {} |
-| [maintenance_config](variables.tf#L160) | Maintenance window configuration. | object({…}) | | {…} |
-| [min_master_version](variables.tf#L183) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
-| [monitoring_config](variables.tf#L189) | Monitoring configuration. System metrics collection cannot be disabled. Control plane metrics are optional. Kube state metrics are optional. Google Cloud Managed Service for Prometheus is enabled by default. | object({…}) | | {} |
-| [node_config](variables.tf#L228) | Configuration for nodes and nodepools. | object({…}) | | {} |
-| [node_locations](variables.tf#L247) | Zones in which the cluster's nodes are located. | list(string) | | [] |
-| [release_channel](variables.tf#L259) | Release channel for GKE upgrades. Clusters created in the Autopilot mode must use a release channel. Choose between \"RAPID\", \"REGULAR\", and \"STABLE\". | string | | "REGULAR" |
+| [location](variables.tf#L146) | Autopilot clusters are always regional. | string | ✓ | |
+| [name](variables.tf#L225) | Cluster name. | string | ✓ | |
+| [project_id](variables.tf#L256) | Cluster project ID. | string | ✓ | |
+| [vpc_config](variables.tf#L272) | VPC-level configuration. | object({…}) | ✓ | |
+| [access_config](variables.tf#L17) | Control plane endpoint and nodes access configurations. | object({…}) | | {} |
+| [backup_configs](variables.tf#L43) | Configuration for Backup for GKE. | object({…}) | | {} |
+| [deletion_protection](variables.tf#L64) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | bool | | true |
+| [description](variables.tf#L71) | Cluster description. | string | | null |
+| [enable_addons](variables.tf#L77) | Addons enabled in the cluster (true means enabled). | object({…}) | | {} |
+| [enable_features](variables.tf#L91) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {} |
+| [issue_client_certificate](variables.tf#L134) | Enable issuing client certificate. | bool | | false |
+| [labels](variables.tf#L140) | Cluster resource labels. | map(string) | | null |
+| [logging_config](variables.tf#L151) | Logging configuration. | object({…}) | | {} |
+| [maintenance_config](variables.tf#L162) | Maintenance window configuration. | object({…}) | | {…} |
+| [min_master_version](variables.tf#L185) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
+| [monitoring_config](variables.tf#L191) | Monitoring configuration. System metrics collection cannot be disabled. Control plane metrics are optional. Kube state metrics are optional. Google Cloud Managed Service for Prometheus is enabled by default. | object({…}) | | {} |
+| [node_config](variables.tf#L230) | Configuration for nodes and nodepools. | object({…}) | | {} |
+| [node_locations](variables.tf#L249) | Zones in which the cluster's nodes are located. | list(string) | | [] |
+| [release_channel](variables.tf#L261) | Release channel for GKE upgrades. Clusters created in the Autopilot mode must use a release channel. Choose between \"RAPID\", \"REGULAR\", and \"STABLE\". | string | | "REGULAR" |
## Outputs
diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf
index 8a60908f5..5235ae4ea 100644
--- a/modules/gke-cluster-autopilot/main.tf
+++ b/modules/gke-cluster-autopilot/main.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2023 Google LLC
+ * Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -81,12 +81,12 @@ resource "google_container_cluster" "cluster" {
service_account = var.node_config.service_account
}
}
- dynamic "control_plane_endpoints_config" {
- for_each = var.access_config.dns_access == true ? [""] : []
- content {
- dns_endpoint_config {
- allow_external_traffic = true
- }
+ control_plane_endpoints_config {
+ dns_endpoint_config {
+ allow_external_traffic = var.access_config.dns_access == true
+ }
+ ip_endpoints_config {
+ enabled = var.access_config.ip_access != null
}
}
dynamic "database_encryption" {
@@ -105,9 +105,10 @@ resource "google_container_cluster" "cluster" {
dynamic "dns_config" {
for_each = var.enable_features.dns != null ? [""] : []
content {
- cluster_dns = var.enable_features.dns.provider
- cluster_dns_scope = var.enable_features.dns.scope
- cluster_dns_domain = var.enable_features.dns.domain
+ additive_vpc_scope_dns_domain = var.enable_features.dns.additive_vpc_scope_dns_domain
+ cluster_dns = var.enable_features.dns.provider
+ cluster_dns_scope = var.enable_features.dns.scope
+ cluster_dns_domain = var.enable_features.dns.domain
}
}
dynamic "enable_k8s_beta_apis" {
@@ -208,10 +209,15 @@ resource "google_container_cluster" "cluster" {
}
}
dynamic "master_authorized_networks_config" {
- for_each = try(var.access_config.ip_access.authorized_ranges, null) != null ? [""] : []
+ for_each = (
+ try(var.access_config.ip_access.authorized_ranges, null) != null ||
+ try(var.access_config.ip_access.gcp_public_cidrs_access_enabled, null) != null
+ ) ? [""] : []
content {
+ gcp_public_cidrs_access_enabled = try(var.access_config.ip_access.gcp_public_cidrs_access_enabled, null)
+
dynamic "cidr_blocks" {
- for_each = var.access_config.ip_access.authorized_ranges
+ for_each = try(var.access_config.ip_access.authorized_ranges, {})
iterator = range
content {
cidr_block = range.value
@@ -272,18 +278,23 @@ resource "google_container_cluster" "cluster" {
for_each = var.access_config.private_nodes == true ? [""] : []
content {
enable_private_nodes = true
- enable_private_endpoint = (
- var.access_config.ip_access.disable_public_endpoint
+ enable_private_endpoint = try(
+ var.access_config.ip_access.disable_public_endpoint,
+ # this should be null, but when ip_access is disabled, the API
+ # returns true. We return true to avoid a permadiff
+ true
)
private_endpoint_subnetwork = try(
var.access_config.ip_access.private_endpoint_config.endpoint_subnetwork,
null
)
- master_global_access_config {
- enabled = try(
- var.access_config.ip_access.private_endpoint_config.global_access,
- null
- )
+ dynamic "master_global_access_config" {
+ for_each = try(var.access_config.ip_access.private_endpoint_config.global_access, false) == true ? [""] : []
+ content {
+ enabled = (
+ var.access_config.ip_access.private_endpoint_config.global_access
+ )
+ }
}
}
}
diff --git a/modules/gke-cluster-autopilot/variables.tf b/modules/gke-cluster-autopilot/variables.tf
index 000496e8a..714adb899 100644
--- a/modules/gke-cluster-autopilot/variables.tf
+++ b/modules/gke-cluster-autopilot/variables.tf
@@ -19,13 +19,14 @@ variable "access_config" {
type = object({
dns_access = optional(bool, true)
ip_access = optional(object({
- authorized_ranges = optional(map(string), {})
- disable_public_endpoint = optional(bool, true)
+ authorized_ranges = optional(map(string), {})
+ disable_public_endpoint = optional(bool, true)
+ gcp_public_cidrs_access_enabled = optional(bool, false)
private_endpoint_config = optional(object({
endpoint_subnetwork = optional(string)
global_access = optional(bool, true)
}), {})
- }), {})
+ }))
private_nodes = optional(bool, true)
})
nullable = false
@@ -94,9 +95,10 @@ variable "enable_features" {
binary_authorization = optional(bool, false)
cost_management = optional(bool, true)
dns = optional(object({
- provider = optional(string)
- scope = optional(string)
- domain = optional(string)
+ additive_vpc_scope_dns_domain = optional(string)
+ provider = optional(string)
+ scope = optional(string)
+ domain = optional(string)
}))
database_encryption = optional(object({
state = string
diff --git a/modules/gke-cluster-autopilot/versions.tf b/modules/gke-cluster-autopilot/versions.tf
index 495b79862..54932868c 100644
--- a/modules/gke-cluster-autopilot/versions.tf
+++ b/modules/gke-cluster-autopilot/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-cluster-autopilot/versions.tofu b/modules/gke-cluster-autopilot/versions.tofu
index 2c1adcc3e..02b3bb256 100644
--- a/modules/gke-cluster-autopilot/versions.tofu
+++ b/modules/gke-cluster-autopilot/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-cluster-standard/README.md b/modules/gke-cluster-standard/README.md
index e6dbd08b3..1b3ab36c2 100644
--- a/modules/gke-cluster-standard/README.md
+++ b/modules/gke-cluster-standard/README.md
@@ -9,6 +9,7 @@ This module offers a way to create and manage Google Kubernetes Engine (GKE) [St
- [Cluster access configurations](#cluster-access-configurations)
- [Private cluster with DNS endpoint enabled](#private-cluster-with-dns-endpoint-enabled)
- [Public cluster](#public-cluster)
+ - [Allowing access from Google Cloud services](#allowing-access-from-google-cloud-services)
- [Regional cluster](#regional-cluster)
- [Enable Dataplane V2](#enable-dataplane-v2)
- [Managing GKE logs](#managing-gke-logs)
@@ -18,6 +19,7 @@ This module offers a way to create and manage Google Kubernetes Engine (GKE) [St
- [Backup for GKE](#backup-for-gke)
- [Automatic creation of new secondary ranges](#automatic-creation-of-new-secondary-ranges)
- [Node auto-provisioning with GPUs and TPUs](#node-auto-provisioning-with-gpus-and-tpus)
+ - [Disable PSC endpoint creation](#disable-psc-endpoint-creation)
- [Variables](#variables)
- [Outputs](#outputs)
@@ -104,6 +106,43 @@ module "cluster-1" {
# tftest modules=1 resources=1 inventory=access-public.yaml
```
+### Allowing access from Google Cloud services
+
+To allow access to your cluster from Google Cloud services (like Cloud Shell, Cloud Build, etc.) without needing to manually specify all Google Cloud IP ranges, you can use the `gcp_public_cidrs_access_enabled` parameter:
+
+```hcl
+module "cluster-1" {
+ source = "./fabric/modules/gke-cluster-standard"
+ project_id = "myproject"
+ name = "cluster-1"
+ location = "europe-west1-b"
+ access_config = {
+ dns_access = false
+ gcp_public_cidrs_access_enabled = true
+ ip_access = {
+ authorized_ranges = {
+ internal-vms = "10.0.0.0/8"
+ }
+ disable_public_endpoint = false
+ }
+ private_nodes = false
+ }
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {
+ pods = "pods"
+ services = "services"
+ }
+ }
+ max_pods_per_node = 32
+ labels = {
+ environment = "dev"
+ }
+}
+# tftest modules=1 resources=1 inventory=access-google.yaml
+```
+
## Regional cluster
Regional clusters are created by setting `location` to a GCP region and then configuring `node_locations`, as shown in the example below.
@@ -240,7 +279,7 @@ module "cluster-1" {
enable_storage_metrics = true
# Kube state metrics collection requires Google Cloud Managed Service for Prometheus,
# which is enabled by default.
- # enable_managed_prometheus = true
+ # enable_managed_prometheus = true
}
}
# tftest modules=1 resources=1 inventory=monitoring-config-kube-state.yaml
@@ -387,6 +426,7 @@ module "cluster-1" {
You can use `var.cluster_autoscaling` block to configure node auto-provisioning for the GKE cluster. The example below configures limits for CPU, memory, GPUs and TPUs.
+
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-standard"
@@ -423,33 +463,61 @@ module "cluster-1" {
}
# tftest modules=1 resources=1
```
+
+### Disable PSC endpoint creation
+
+To disable IP access to the GKE control plane and prevent PSC endpoint creation, set `var.access_config.ip_access` to `null` or omit the variable.
+
+```hcl
+module "cluster-1" {
+ source = "./fabric/modules/gke-cluster-autopilot"
+ project_id = "myproject"
+ name = "cluster-1"
+ location = "europe-west1"
+ access_config = {
+ dns_access = true
+ }
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {
+ pods = "pods"
+ services = "services"
+ }
+ }
+ labels = {
+ environment = "dev"
+ }
+}
+# tftest modules=1 resources=1 inventory=no-ip-access.yaml
+```
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L263) | Cluster zone or region. | string | ✓ | |
-| [name](variables.tf#L378) | Cluster name. | string | ✓ | |
-| [project_id](variables.tf#L411) | Cluster project id. | string | ✓ | |
-| [vpc_config](variables.tf#L422) | VPC-level configuration. | object({…}) | ✓ | |
-| [access_config](variables.tf#L17) | Control plane endpoint and nodes access configurations. | object({…}) | | {} |
-| [backup_configs](variables.tf#L42) | Configuration for Backup for GKE. | object({…}) | | {} |
-| [cluster_autoscaling](variables.tf#L64) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null |
-| [default_nodepool](variables.tf#L143) | Enable default nodepool. | object({…}) | | {} |
-| [deletion_protection](variables.tf#L161) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | bool | | true |
-| [description](variables.tf#L168) | Cluster description. | string | | null |
-| [enable_addons](variables.tf#L174) | Addons enabled in the cluster (true means enabled). | object({…}) | | {} |
-| [enable_features](variables.tf#L196) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {} |
-| [issue_client_certificate](variables.tf#L250) | Enable issuing client certificate. | bool | | false |
-| [labels](variables.tf#L256) | Cluster resource labels. | map(string) | | {} |
-| [logging_config](variables.tf#L268) | Logging configuration. | object({…}) | | {} |
-| [maintenance_config](variables.tf#L289) | Maintenance window configuration. | object({…}) | | {…} |
-| [max_pods_per_node](variables.tf#L312) | Maximum number of pods per node in this cluster. | number | | 110 |
-| [min_master_version](variables.tf#L318) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
-| [monitoring_config](variables.tf#L324) | Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default. | object({…}) | | {} |
-| [node_config](variables.tf#L383) | Node-level configuration. | object({…}) | | {} |
-| [node_locations](variables.tf#L404) | Zones in which the cluster's nodes are located. | list(string) | | [] |
-| [release_channel](variables.tf#L416) | Release channel for GKE upgrades. | string | | null |
+| [location](variables.tf#L265) | Cluster zone or region. | string | ✓ | |
+| [name](variables.tf#L380) | Cluster name. | string | ✓ | |
+| [project_id](variables.tf#L413) | Cluster project id. | string | ✓ | |
+| [vpc_config](variables.tf#L424) | VPC-level configuration. | object({…}) | ✓ | |
+| [access_config](variables.tf#L17) | Control plane endpoint and nodes access configurations. | object({…}) | | {} |
+| [backup_configs](variables.tf#L43) | Configuration for Backup for GKE. | object({…}) | | {} |
+| [cluster_autoscaling](variables.tf#L65) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null |
+| [default_nodepool](variables.tf#L144) | Enable default nodepool. | object({…}) | | {} |
+| [deletion_protection](variables.tf#L162) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | bool | | true |
+| [description](variables.tf#L169) | Cluster description. | string | | null |
+| [enable_addons](variables.tf#L175) | Addons enabled in the cluster (true means enabled). | object({…}) | | {} |
+| [enable_features](variables.tf#L197) | Enable cluster-level features. Certain features allow configuration. | object({…}) | | {} |
+| [issue_client_certificate](variables.tf#L252) | Enable issuing client certificate. | bool | | false |
+| [labels](variables.tf#L258) | Cluster resource labels. | map(string) | | {} |
+| [logging_config](variables.tf#L270) | Logging configuration. | object({…}) | | {} |
+| [maintenance_config](variables.tf#L291) | Maintenance window configuration. | object({…}) | | {…} |
+| [max_pods_per_node](variables.tf#L314) | Maximum number of pods per node in this cluster. | number | | 110 |
+| [min_master_version](variables.tf#L320) | Minimum version of the master, defaults to the version of the most recent official release. | string | | null |
+| [monitoring_config](variables.tf#L326) | Monitoring configuration. Google Cloud Managed Service for Prometheus is enabled by default. | object({…}) | | {} |
+| [node_config](variables.tf#L385) | Node-level configuration. | object({…}) | | {} |
+| [node_locations](variables.tf#L406) | Zones in which the cluster's nodes are located. | list(string) | | [] |
+| [release_channel](variables.tf#L418) | Release channel for GKE upgrades. | string | | null |
## Outputs
diff --git a/modules/gke-cluster-standard/main.tf b/modules/gke-cluster-standard/main.tf
index eaa50464e..1ef3f4929 100644
--- a/modules/gke-cluster-standard/main.tf
+++ b/modules/gke-cluster-standard/main.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2024 Google LLC
+ * Copyright 2025 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -249,12 +249,12 @@ resource "google_container_cluster" "cluster" {
}
}
}
- dynamic "control_plane_endpoints_config" {
- for_each = var.access_config.dns_access == true ? [""] : []
- content {
- dns_endpoint_config {
- allow_external_traffic = true
- }
+ control_plane_endpoints_config {
+ dns_endpoint_config {
+ allow_external_traffic = var.access_config.dns_access == true
+ }
+ ip_endpoints_config {
+ enabled = var.access_config.ip_access != null
}
}
dynamic "database_encryption" {
@@ -267,9 +267,10 @@ resource "google_container_cluster" "cluster" {
dynamic "dns_config" {
for_each = var.enable_features.dns != null ? [""] : []
content {
- cluster_dns = var.enable_features.dns.provider
- cluster_dns_scope = var.enable_features.dns.scope
- cluster_dns_domain = var.enable_features.dns.domain
+ additive_vpc_scope_dns_domain = var.enable_features.dns.additive_vpc_scope_dns_domain
+ cluster_dns = var.enable_features.dns.provider
+ cluster_dns_scope = var.enable_features.dns.scope
+ cluster_dns_domain = var.enable_features.dns.domain
}
}
dynamic "enable_k8s_beta_apis" {
@@ -392,10 +393,15 @@ resource "google_container_cluster" "cluster" {
}
}
dynamic "master_authorized_networks_config" {
- for_each = try(var.access_config.ip_access.authorized_ranges, null) != null ? [""] : []
+ for_each = (
+ try(var.access_config.ip_access.authorized_ranges, null) != null ||
+ try(var.access_config.ip_access.gcp_public_cidrs_access_enabled, null) != null
+ ) ? [""] : []
content {
+ gcp_public_cidrs_access_enabled = try(var.access_config.ip_access.gcp_public_cidrs_access_enabled, null)
+
dynamic "cidr_blocks" {
- for_each = var.access_config.ip_access.authorized_ranges
+ for_each = try(var.access_config.ip_access.authorized_ranges, {})
iterator = range
content {
cidr_block = range.value
@@ -476,18 +482,23 @@ resource "google_container_cluster" "cluster" {
for_each = var.access_config.private_nodes == true ? [""] : []
content {
enable_private_nodes = true
- enable_private_endpoint = (
- var.access_config.ip_access.disable_public_endpoint
+ enable_private_endpoint = try(
+ var.access_config.ip_access.disable_public_endpoint,
+ # this should be null, but when ip_access is disabled, the API
+ # returns true. We return true to avoid a permadiff
+ true
)
private_endpoint_subnetwork = try(
var.access_config.ip_access.private_endpoint_config.endpoint_subnetwork,
null
)
- master_global_access_config {
- enabled = try(
- var.access_config.ip_access.private_endpoint_config.global_access,
- null
- )
+ dynamic "master_global_access_config" {
+ for_each = try(var.access_config.ip_access.private_endpoint_config.global_access, false) == true ? [""] : []
+ content {
+ enabled = (
+ var.access_config.ip_access.private_endpoint_config.global_access
+ )
+ }
}
}
}
diff --git a/modules/gke-cluster-standard/variables.tf b/modules/gke-cluster-standard/variables.tf
index ee2f7d8e7..c8378da4c 100644
--- a/modules/gke-cluster-standard/variables.tf
+++ b/modules/gke-cluster-standard/variables.tf
@@ -19,13 +19,14 @@ variable "access_config" {
type = object({
dns_access = optional(bool, true)
ip_access = optional(object({
- authorized_ranges = optional(map(string), {})
- disable_public_endpoint = optional(bool, true)
+ authorized_ranges = optional(map(string), {})
+ disable_public_endpoint = optional(bool, true)
+ gcp_public_cidrs_access_enabled = optional(bool, false)
private_endpoint_config = optional(object({
endpoint_subnetwork = optional(string)
global_access = optional(bool, true)
}), {})
- }), {})
+ }))
private_nodes = optional(bool, true)
})
nullable = false
@@ -201,9 +202,10 @@ variable "enable_features" {
cilium_clusterwide_network_policy = optional(bool, false)
cost_management = optional(bool, true)
dns = optional(object({
- provider = optional(string)
- scope = optional(string)
- domain = optional(string)
+ additive_vpc_scope_dns_domain = optional(string)
+ provider = optional(string)
+ scope = optional(string)
+ domain = optional(string)
}))
database_encryption = optional(object({
state = string
diff --git a/modules/gke-cluster-standard/versions.tf b/modules/gke-cluster-standard/versions.tf
index cd53cc8c8..d369c7749 100644
--- a/modules/gke-cluster-standard/versions.tf
+++ b/modules/gke-cluster-standard/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-cluster-standard/versions.tofu b/modules/gke-cluster-standard/versions.tofu
index 3ed1a5d4e..2b814f07b 100644
--- a/modules/gke-cluster-standard/versions.tofu
+++ b/modules/gke-cluster-standard/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-hub/versions.tf b/modules/gke-hub/versions.tf
index 92d3960dc..b6d387d3a 100644
--- a/modules/gke-hub/versions.tf
+++ b/modules/gke-hub/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-hub/versions.tofu b/modules/gke-hub/versions.tofu
index fbd24b882..331b95a92 100644
--- a/modules/gke-hub/versions.tofu
+++ b/modules/gke-hub/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-nodepool/versions.tf b/modules/gke-nodepool/versions.tf
index 5f9da69bd..703f139bf 100644
--- a/modules/gke-nodepool/versions.tf
+++ b/modules/gke-nodepool/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/gke-nodepool/versions.tofu b/modules/gke-nodepool/versions.tofu
index b2052a7e5..7f6d42ef5 100644
--- a/modules/gke-nodepool/versions.tofu
+++ b/modules/gke-nodepool/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/iam-service-account/versions.tf b/modules/iam-service-account/versions.tf
index 36936ee00..6158d156a 100644
--- a/modules/iam-service-account/versions.tf
+++ b/modules/iam-service-account/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/iam-service-account/versions.tofu b/modules/iam-service-account/versions.tofu
index 7102f9047..138fdc62d 100644
--- a/modules/iam-service-account/versions.tofu
+++ b/modules/iam-service-account/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/kms/versions.tf b/modules/kms/versions.tf
index 87ebd0847..fc923a289 100644
--- a/modules/kms/versions.tf
+++ b/modules/kms/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/kms/versions.tofu b/modules/kms/versions.tofu
index a56d6e0c7..e90e5913e 100644
--- a/modules/kms/versions.tofu
+++ b/modules/kms/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/logging-bucket/versions.tf b/modules/logging-bucket/versions.tf
index bd507fe3b..3852b9f65 100644
--- a/modules/logging-bucket/versions.tf
+++ b/modules/logging-bucket/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/logging-bucket/versions.tofu b/modules/logging-bucket/versions.tofu
index a97a2af3f..2e721e070 100644
--- a/modules/logging-bucket/versions.tofu
+++ b/modules/logging-bucket/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/looker-core/versions.tf b/modules/looker-core/versions.tf
index 0c1d3ae90..beea353bd 100644
--- a/modules/looker-core/versions.tf
+++ b/modules/looker-core/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/looker-core/versions.tofu b/modules/looker-core/versions.tofu
index 3bb705770..3e2ba252f 100644
--- a/modules/looker-core/versions.tofu
+++ b/modules/looker-core/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/ncc-spoke-ra/versions.tf b/modules/ncc-spoke-ra/versions.tf
index 7e52b15f2..2e33708ce 100644
--- a/modules/ncc-spoke-ra/versions.tf
+++ b/modules/ncc-spoke-ra/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/ncc-spoke-ra/versions.tofu b/modules/ncc-spoke-ra/versions.tofu
index 69d1bec97..ba8988a7a 100644
--- a/modules/ncc-spoke-ra/versions.tofu
+++ b/modules/ncc-spoke-ra/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-address/versions.tf b/modules/net-address/versions.tf
index 3e772a636..95583a952 100644
--- a/modules/net-address/versions.tf
+++ b/modules/net-address/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-address/versions.tofu b/modules/net-address/versions.tofu
index 29c75e479..a4759664d 100644
--- a/modules/net-address/versions.tofu
+++ b/modules/net-address/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-cloudnat/versions.tf b/modules/net-cloudnat/versions.tf
index 971675cc5..d3b9ba7f5 100644
--- a/modules/net-cloudnat/versions.tf
+++ b/modules/net-cloudnat/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-cloudnat/versions.tofu b/modules/net-cloudnat/versions.tofu
index 4f81c561e..59e56b39b 100644
--- a/modules/net-cloudnat/versions.tofu
+++ b/modules/net-cloudnat/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-firewall-policy/versions.tf b/modules/net-firewall-policy/versions.tf
index 001e832ec..c0fa7000e 100644
--- a/modules/net-firewall-policy/versions.tf
+++ b/modules/net-firewall-policy/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-firewall-policy/versions.tofu b/modules/net-firewall-policy/versions.tofu
index e89566a85..c7716d30d 100644
--- a/modules/net-firewall-policy/versions.tofu
+++ b/modules/net-firewall-policy/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-ipsec-over-interconnect/versions.tf b/modules/net-ipsec-over-interconnect/versions.tf
index aa59ba020..2d0ea96c6 100644
--- a/modules/net-ipsec-over-interconnect/versions.tf
+++ b/modules/net-ipsec-over-interconnect/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-ipsec-over-interconnect/versions.tofu b/modules/net-ipsec-over-interconnect/versions.tofu
index 0fc5ba104..240e4dc0c 100644
--- a/modules/net-ipsec-over-interconnect/versions.tofu
+++ b/modules/net-ipsec-over-interconnect/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-ext-regional/versions.tf b/modules/net-lb-app-ext-regional/versions.tf
index 9054b41ae..aa393f1ea 100644
--- a/modules/net-lb-app-ext-regional/versions.tf
+++ b/modules/net-lb-app-ext-regional/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-ext-regional/versions.tofu b/modules/net-lb-app-ext-regional/versions.tofu
index 4cb67741a..d12b19485 100644
--- a/modules/net-lb-app-ext-regional/versions.tofu
+++ b/modules/net-lb-app-ext-regional/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-ext/versions.tf b/modules/net-lb-app-ext/versions.tf
index 8349afc59..e9779974e 100644
--- a/modules/net-lb-app-ext/versions.tf
+++ b/modules/net-lb-app-ext/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-ext/versions.tofu b/modules/net-lb-app-ext/versions.tofu
index 556f2b3b2..ed8969510 100644
--- a/modules/net-lb-app-ext/versions.tofu
+++ b/modules/net-lb-app-ext/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-int-cross-region/versions.tf b/modules/net-lb-app-int-cross-region/versions.tf
index 310764895..b64ed4f8c 100644
--- a/modules/net-lb-app-int-cross-region/versions.tf
+++ b/modules/net-lb-app-int-cross-region/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-int-cross-region/versions.tofu b/modules/net-lb-app-int-cross-region/versions.tofu
index 8e25e1828..8426b8bc0 100644
--- a/modules/net-lb-app-int-cross-region/versions.tofu
+++ b/modules/net-lb-app-int-cross-region/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-int/versions.tf b/modules/net-lb-app-int/versions.tf
index 510660d76..b18747f09 100644
--- a/modules/net-lb-app-int/versions.tf
+++ b/modules/net-lb-app-int/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-app-int/versions.tofu b/modules/net-lb-app-int/versions.tofu
index 81c73866e..fa6e24bf6 100644
--- a/modules/net-lb-app-int/versions.tofu
+++ b/modules/net-lb-app-int/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-ext/versions.tf b/modules/net-lb-ext/versions.tf
index 209e83a81..be1c5ec4f 100644
--- a/modules/net-lb-ext/versions.tf
+++ b/modules/net-lb-ext/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-ext/versions.tofu b/modules/net-lb-ext/versions.tofu
index 41f1376fe..9ee79f570 100644
--- a/modules/net-lb-ext/versions.tofu
+++ b/modules/net-lb-ext/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-int/versions.tf b/modules/net-lb-int/versions.tf
index 4d8ddf372..cd8a3ee86 100644
--- a/modules/net-lb-int/versions.tf
+++ b/modules/net-lb-int/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-int/versions.tofu b/modules/net-lb-int/versions.tofu
index 8f533848b..c5d11acbc 100644
--- a/modules/net-lb-int/versions.tofu
+++ b/modules/net-lb-int/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-proxy-int/versions.tf b/modules/net-lb-proxy-int/versions.tf
index 89bed7087..2a5c12e4d 100644
--- a/modules/net-lb-proxy-int/versions.tf
+++ b/modules/net-lb-proxy-int/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-lb-proxy-int/versions.tofu b/modules/net-lb-proxy-int/versions.tofu
index 20059f459..a27003e0e 100644
--- a/modules/net-lb-proxy-int/versions.tofu
+++ b/modules/net-lb-proxy-int/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-swp/versions.tf b/modules/net-swp/versions.tf
index d9d26748e..63379a20a 100644
--- a/modules/net-swp/versions.tf
+++ b/modules/net-swp/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-swp/versions.tofu b/modules/net-swp/versions.tofu
index b9012f351..027028b2e 100644
--- a/modules/net-swp/versions.tofu
+++ b/modules/net-swp/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vlan-attachment/versions.tf b/modules/net-vlan-attachment/versions.tf
index 5e5254532..bfe268537 100644
--- a/modules/net-vlan-attachment/versions.tf
+++ b/modules/net-vlan-attachment/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vlan-attachment/versions.tofu b/modules/net-vlan-attachment/versions.tofu
index 3b2165351..4616032a8 100644
--- a/modules/net-vlan-attachment/versions.tofu
+++ b/modules/net-vlan-attachment/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpc-firewall/versions.tf b/modules/net-vpc-firewall/versions.tf
index a6f799cf4..d3802c531 100644
--- a/modules/net-vpc-firewall/versions.tf
+++ b/modules/net-vpc-firewall/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpc-firewall/versions.tofu b/modules/net-vpc-firewall/versions.tofu
index b01b0992a..171a2b3ef 100644
--- a/modules/net-vpc-firewall/versions.tofu
+++ b/modules/net-vpc-firewall/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpc-peering/versions.tf b/modules/net-vpc-peering/versions.tf
index 43c2351ec..b4581c5ba 100644
--- a/modules/net-vpc-peering/versions.tf
+++ b/modules/net-vpc-peering/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpc-peering/versions.tofu b/modules/net-vpc-peering/versions.tofu
index 17f1fc3b2..281a28b20 100644
--- a/modules/net-vpc-peering/versions.tofu
+++ b/modules/net-vpc-peering/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpc/versions.tf b/modules/net-vpc/versions.tf
index 744161ef6..819854f69 100644
--- a/modules/net-vpc/versions.tf
+++ b/modules/net-vpc/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpc/versions.tofu b/modules/net-vpc/versions.tofu
index 08387df63..58a55c377 100644
--- a/modules/net-vpc/versions.tofu
+++ b/modules/net-vpc/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpn-dynamic/versions.tf b/modules/net-vpn-dynamic/versions.tf
index 82e869331..d8a467de6 100644
--- a/modules/net-vpn-dynamic/versions.tf
+++ b/modules/net-vpn-dynamic/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpn-dynamic/versions.tofu b/modules/net-vpn-dynamic/versions.tofu
index a5aa5fba2..c205bcb43 100644
--- a/modules/net-vpn-dynamic/versions.tofu
+++ b/modules/net-vpn-dynamic/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpn-ha/versions.tf b/modules/net-vpn-ha/versions.tf
index efb24acb6..92bc81139 100644
--- a/modules/net-vpn-ha/versions.tf
+++ b/modules/net-vpn-ha/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpn-ha/versions.tofu b/modules/net-vpn-ha/versions.tofu
index 4e919a12f..02994487c 100644
--- a/modules/net-vpn-ha/versions.tofu
+++ b/modules/net-vpn-ha/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpn-static/versions.tf b/modules/net-vpn-static/versions.tf
index 107727061..4241bbebd 100644
--- a/modules/net-vpn-static/versions.tf
+++ b/modules/net-vpn-static/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/net-vpn-static/versions.tofu b/modules/net-vpn-static/versions.tofu
index d027a01c6..ea4994bcc 100644
--- a/modules/net-vpn-static/versions.tofu
+++ b/modules/net-vpn-static/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf
index 504cd88ca..d135b9200 100644
--- a/modules/organization/versions.tf
+++ b/modules/organization/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/organization/versions.tofu b/modules/organization/versions.tofu
index 674f1a685..1d223dbc8 100644
--- a/modules/organization/versions.tofu
+++ b/modules/organization/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/project/versions.tf b/modules/project/versions.tf
index 370d58c9c..323b12448 100644
--- a/modules/project/versions.tf
+++ b/modules/project/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/project/versions.tofu b/modules/project/versions.tofu
index 6244852ba..7ffadecc3 100644
--- a/modules/project/versions.tofu
+++ b/modules/project/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/projects-data-source/versions.tf b/modules/projects-data-source/versions.tf
index c1a310660..9f5300eaa 100644
--- a/modules/projects-data-source/versions.tf
+++ b/modules/projects-data-source/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/projects-data-source/versions.tofu b/modules/projects-data-source/versions.tofu
index 736b0bdf4..2c831a703 100644
--- a/modules/projects-data-source/versions.tofu
+++ b/modules/projects-data-source/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/pubsub/versions.tf b/modules/pubsub/versions.tf
index 7f099bbf5..b28eb94b3 100644
--- a/modules/pubsub/versions.tf
+++ b/modules/pubsub/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/pubsub/versions.tofu b/modules/pubsub/versions.tofu
index ec43e0bc0..9aff4b84a 100644
--- a/modules/pubsub/versions.tofu
+++ b/modules/pubsub/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/secret-manager/versions.tf b/modules/secret-manager/versions.tf
index 9893f9041..a539e3c14 100644
--- a/modules/secret-manager/versions.tf
+++ b/modules/secret-manager/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/secret-manager/versions.tofu b/modules/secret-manager/versions.tofu
index 8119eeaf5..2325901e3 100644
--- a/modules/secret-manager/versions.tofu
+++ b/modules/secret-manager/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/secure-source-manager-instance/versions.tf b/modules/secure-source-manager-instance/versions.tf
index c81d8aad4..98e20c207 100644
--- a/modules/secure-source-manager-instance/versions.tf
+++ b/modules/secure-source-manager-instance/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/secure-source-manager-instance/versions.tofu b/modules/secure-source-manager-instance/versions.tofu
index ce6012e74..ba359a6b9 100644
--- a/modules/secure-source-manager-instance/versions.tofu
+++ b/modules/secure-source-manager-instance/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/service-directory/versions.tf b/modules/service-directory/versions.tf
index c381a1176..87e625265 100644
--- a/modules/service-directory/versions.tf
+++ b/modules/service-directory/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/service-directory/versions.tofu b/modules/service-directory/versions.tofu
index 3ef4ff0af..e53a3f034 100644
--- a/modules/service-directory/versions.tofu
+++ b/modules/service-directory/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/source-repository/versions.tf b/modules/source-repository/versions.tf
index 25f90e9e8..bcb4bafb2 100644
--- a/modules/source-repository/versions.tf
+++ b/modules/source-repository/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/source-repository/versions.tofu b/modules/source-repository/versions.tofu
index b9e4db5b5..f8a7e6cb8 100644
--- a/modules/source-repository/versions.tofu
+++ b/modules/source-repository/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/spanner-instance/versions.tf b/modules/spanner-instance/versions.tf
index 6d6256eab..c64e4251e 100644
--- a/modules/spanner-instance/versions.tf
+++ b/modules/spanner-instance/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/spanner-instance/versions.tofu b/modules/spanner-instance/versions.tofu
index 135773cb1..8c93285af 100644
--- a/modules/spanner-instance/versions.tofu
+++ b/modules/spanner-instance/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/vpc-sc/README.md b/modules/vpc-sc/README.md
index 81bc80293..f77c2cee6 100644
--- a/modules/vpc-sc/README.md
+++ b/modules/vpc-sc/README.md
@@ -193,6 +193,19 @@ module "test" {
resources = ["*"]
}
}
+ sa-roles = {
+ from = {
+ identities = [
+ "serviceAccount:test-tf-2@myproject.iam.gserviceaccount.com",
+ ]
+ access_levels = ["*"]
+ }
+ to = {
+ operations = [{ service_name = "*" }]
+ resources = ["*"]
+ roles = ["roles/storage.objectViewer"]
+ }
+ }
}
service_perimeters_regular = {
r1 = {
@@ -201,7 +214,7 @@ module "test" {
resources = ["projects/1111", "projects/2222"]
restricted_services = ["storage.googleapis.com"]
egress_policies = ["gcs-sa-foo"]
- ingress_policies = ["sa-tf-test"]
+ ingress_policies = ["sa-tf-test", "sa-roles"]
vpc_accessible_services = {
allowed_services = ["storage.googleapis.com"]
enable_restriction = true
@@ -394,14 +407,14 @@ status:
| [access_policy](variables.tf#L68) | Access Policy name, set to null if creating one. | string | ✓ | |
| [access_levels](variables.tf#L17) | Access level definitions. | map(object({…})) | | {} |
| [access_policy_create](variables.tf#L73) | Access Policy configuration, fill in to create. Parent is in 'organizations/123456' format, scopes are in 'folders/456789' or 'projects/project_id' format. | object({…}) | | null |
-| [egress_policies](variables.tf#L83) | Egress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} |
-| [factories_config](variables.tf#L125) | Paths to folders that enable factory functionality. | object({…}) | | {} |
-| [iam](variables.tf#L143) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
-| [iam_bindings](variables.tf#L149) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} |
-| [iam_bindings_additive](variables.tf#L164) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
-| [ingress_policies](variables.tf#L179) | Ingress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} |
-| [service_perimeters_bridge](variables.tf#L220) | Bridge service perimeters. | map(object({…})) | | {} |
-| [service_perimeters_regular](variables.tf#L232) | Regular service perimeters. | map(object({…})) | | {} |
+| [egress_policies](variables.tf#L83) | Egress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} |
+| [factories_config](variables.tf#L126) | Paths to folders that enable factory functionality. | object({…}) | | {} |
+| [iam](variables.tf#L144) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
+| [iam_bindings](variables.tf#L150) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | map(object({…})) | | {} |
+| [iam_bindings_additive](variables.tf#L165) | Individual additive IAM bindings. Keys are arbitrary. | map(object({…})) | | {} |
+| [ingress_policies](variables.tf#L180) | Ingress policy definitions that can be referenced in perimeters. | map(object({…})) | | {} |
+| [service_perimeters_bridge](variables.tf#L222) | Bridge service perimeters. | map(object({…})) | | {} |
+| [service_perimeters_regular](variables.tf#L234) | Regular service perimeters. | map(object({…})) | | {} |
## Outputs
diff --git a/modules/vpc-sc/factory.tf b/modules/vpc-sc/factory.tf
index eab636174..824b52793 100644
--- a/modules/vpc-sc/factory.tf
+++ b/modules/vpc-sc/factory.tf
@@ -66,6 +66,7 @@ locals {
}, o)
]
resources = try(v.to.resources, [])
+ roles = try(v.to.roles, [])
}
}
}
@@ -87,6 +88,7 @@ locals {
}, o)
]
resources = try(v.to.resources, [])
+ roles = try(v.to.roles, [])
}
}
}
diff --git a/modules/vpc-sc/schemas/egress-policy.schema.json b/modules/vpc-sc/schemas/egress-policy.schema.json
index a6d96fc28..adc667acc 100644
--- a/modules/vpc-sc/schemas/egress-policy.schema.json
+++ b/modules/vpc-sc/schemas/egress-policy.schema.json
@@ -87,6 +87,12 @@
"items": {
"type": "string"
}
+ },
+ "roles": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
}
}
}
diff --git a/modules/vpc-sc/schemas/ingress-policy.schema.json b/modules/vpc-sc/schemas/ingress-policy.schema.json
index adb3cc381..e970c850b 100644
--- a/modules/vpc-sc/schemas/ingress-policy.schema.json
+++ b/modules/vpc-sc/schemas/ingress-policy.schema.json
@@ -79,6 +79,12 @@
"items": {
"type": "string"
}
+ },
+ "roles": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
}
}
}
diff --git a/modules/vpc-sc/service-perimeters-regular.tf b/modules/vpc-sc/service-perimeters-regular.tf
index 18b2dc4bc..120e6939b 100644
--- a/modules/vpc-sc/service-perimeters-regular.tf
+++ b/modules/vpc-sc/service-perimeters-regular.tf
@@ -105,6 +105,7 @@ resource "google_access_context_manager_service_perimeter" "regular" {
lookup(var.factories_config.context.resource_sets, r, [r])
])
+ roles = policy.value.to.roles
dynamic "operations" {
for_each = toset(policy.value.to.operations)
iterator = o
@@ -172,6 +173,7 @@ resource "google_access_context_manager_service_perimeter" "regular" {
for r in policy.value.to.resources :
lookup(var.factories_config.context.resource_sets, r, [r])
])
+ roles = policy.value.to.roles
dynamic "operations" {
for_each = toset(policy.value.to.operations)
iterator = o
@@ -276,6 +278,7 @@ resource "google_access_context_manager_service_perimeter" "regular" {
content {
external_resources = policy.value.to.external_resources
resources = policy.value.to.resources
+ roles = policy.value.to.roles
dynamic "operations" {
for_each = toset(policy.value.to.operations)
iterator = o
@@ -344,6 +347,7 @@ resource "google_access_context_manager_service_perimeter" "regular" {
for r in policy.value.to.resources :
lookup(var.factories_config.context.resource_sets, r, [r])
])
+ roles = policy.value.to.roles
dynamic "operations" {
for_each = toset(policy.value.to.operations)
iterator = o
diff --git a/modules/vpc-sc/variables.tf b/modules/vpc-sc/variables.tf
index 57231b889..6710a202b 100644
--- a/modules/vpc-sc/variables.tf
+++ b/modules/vpc-sc/variables.tf
@@ -98,6 +98,7 @@ variable "egress_policies" {
service_name = string
})), [])
resources = optional(list(string))
+ roles = optional(list(string))
})
}))
default = {}
@@ -193,6 +194,7 @@ variable "ingress_policies" {
service_name = string
})), [])
resources = optional(list(string))
+ roles = optional(list(string))
})
}))
default = {}
diff --git a/modules/vpc-sc/versions.tf b/modules/vpc-sc/versions.tf
index 8c9284d51..712c9545b 100644
--- a/modules/vpc-sc/versions.tf
+++ b/modules/vpc-sc/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/vpc-sc/versions.tofu b/modules/vpc-sc/versions.tofu
index 583d61508..d65195e53 100644
--- a/modules/vpc-sc/versions.tofu
+++ b/modules/vpc-sc/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/workstation-cluster/versions.tf b/modules/workstation-cluster/versions.tf
index bc7083801..7dd6c8184 100644
--- a/modules/workstation-cluster/versions.tf
+++ b/modules/workstation-cluster/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/modules/workstation-cluster/versions.tofu b/modules/workstation-cluster/versions.tofu
index 7594174b6..383babb34 100644
--- a/modules/workstation-cluster/versions.tofu
+++ b/modules/workstation-cluster/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/tests/examples/test_plan.py b/tests/examples/test_plan.py
index 7215486e8..8ce2bd247 100644
--- a/tests/examples/test_plan.py
+++ b/tests/examples/test_plan.py
@@ -105,7 +105,7 @@ def _test_terraform_example(plan_validator, example):
result = subprocess.run(
f'{binary} fmt -check -diff -no-color main.tf'.split(), cwd=tmp_path,
stdout=subprocess.PIPE, encoding='utf-8')
- assert result.returncode == 0, f'terraform code not formatted correctly\n{result.stdout}'
+ assert result.returncode == 0, f'terraform example code in README.md not formatted correctly\n{result.stdout}'
def _test_yaml_example(example):
diff --git a/tests/examples_e2e/setup_module/versions.tf b/tests/examples_e2e/setup_module/versions.tf
index bbc8ced35..212ce2da6 100644
--- a/tests/examples_e2e/setup_module/versions.tf
+++ b/tests/examples_e2e/setup_module/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/tests/examples_e2e/setup_module/versions.tofu b/tests/examples_e2e/setup_module/versions.tofu
index 4944a26d2..300c4f234 100644
--- a/tests/examples_e2e/setup_module/versions.tofu
+++ b/tests/examples_e2e/setup_module/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/tests/modules/cloud_run_v2/examples/service-invoker-iam-disable.yaml b/tests/modules/cloud_run_v2/examples/service-invoker-iam-disable.yaml
new file mode 100644
index 000000000..7b1dddffd
--- /dev/null
+++ b/tests/modules/cloud_run_v2/examples/service-invoker-iam-disable.yaml
@@ -0,0 +1,40 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cloud_run.google_cloud_run_v2_service.service[0]:
+ location: europe-west8
+ name: hello
+ project: project-id
+ template:
+ - containers:
+ - args: null
+ command: null
+ depends_on: null
+ env: []
+ image: us-docker.pkg.dev/cloudrun/container/hello
+ name: hello
+ volume_mounts: []
+ working_dir: null
+ execution_environment: EXECUTION_ENVIRONMENT_GEN1
+ volumes: []
+ vpc_access: []
+ invoker_iam_disabled: true
+
+counts:
+ google_cloud_run_v2_service: 1
+ modules: 1
+ resources: 1
+
+outputs: {}
diff --git a/tests/modules/gke_cluster_autopilot/examples/access-google.yaml b/tests/modules/gke_cluster_autopilot/examples/access-google.yaml
new file mode 100644
index 000000000..5ce9fd4c4
--- /dev/null
+++ b/tests/modules/gke_cluster_autopilot/examples/access-google.yaml
@@ -0,0 +1,130 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1.google_container_cluster.cluster:
+ addons_config:
+ - cloudrun_config:
+ - disabled: true
+ load_balancer_type: null
+ config_connector_config:
+ - enabled: false
+ gke_backup_agent_config:
+ - enabled: false
+ horizontal_pod_autoscaling:
+ - disabled: false
+ http_load_balancing:
+ - disabled: false
+ kalm_config:
+ - enabled: false
+ allow_net_admin: false
+ binary_authorization: []
+ cluster_autoscaling:
+ - auto_provisioning_defaults:
+ - boot_disk_kms_key: null
+ disk_size: null
+ disk_type: null
+ image_type: null
+ min_cpu_platform: null
+ service_account: default
+ shielded_instance_config: []
+ autoscaling_profile: null
+ resource_limits: []
+ control_plane_endpoints_config:
+ - dns_endpoint_config:
+ - allow_external_traffic: true
+ ip_endpoints_config:
+ - enabled: true
+ cost_management_config:
+ - enabled: true
+ deletion_protection: true
+ description: null
+ dns_config: []
+ effective_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ enable_autopilot: true
+ enable_cilium_clusterwide_network_policy: false
+ enable_fqdn_network_policy: false
+ enable_intranode_visibility: true
+ enable_k8s_beta_apis: []
+ enable_kubernetes_alpha: false
+ enable_l4_ilb_subsetting: false
+ enable_legacy_abac: false
+ enable_multi_networking: false
+ enable_shielded_nodes: true
+ enable_tpu: false
+ fleet: []
+ initial_node_count: 1
+ ip_allocation_policy:
+ - additional_pod_ranges_config: []
+ cluster_secondary_range_name: pods
+ services_secondary_range_name: services
+ stack_type: IPV4
+ location: europe-west1
+ logging_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ - WORKLOADS
+ maintenance_policy:
+ - daily_maintenance_window:
+ - start_time: 03:00
+ maintenance_exclusion: []
+ recurring_window: []
+ master_auth:
+ - client_certificate_config:
+ - issue_client_certificate: false
+ master_authorized_networks_config:
+ - cidr_blocks:
+ - cidr_block: 10.0.0.0/8
+ display_name: internal-vms
+ gcp_public_cidrs_access_enabled: true
+ min_master_version: null
+ monitoring_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ managed_prometheus:
+ - enabled: true
+ name: cluster-1
+ network: projects/xxx/global/networks/aaa
+ network_policy: []
+ networking_mode: VPC_NATIVE
+ pod_security_policy_config: []
+ private_cluster_config:
+ - enable_private_endpoint: true
+ enable_private_nodes: true
+ master_global_access_config:
+ - enabled: true
+ private_endpoint_subnetwork: null
+ project: myproject
+ release_channel:
+ - channel: REGULAR
+ remove_default_node_pool: null
+ resource_labels:
+ environment: dev
+ resource_usage_export_config: []
+ secret_manager_config: []
+ subnetwork: subnet_self_link
+ terraform_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ timeouts: null
+ user_managed_keys_config: []
+
+counts:
+ google_container_cluster: 1
+ modules: 1
+ resources: 1
+
+outputs: {}
diff --git a/tests/modules/gke_cluster_autopilot/examples/basic.yaml b/tests/modules/gke_cluster_autopilot/examples/basic.yaml
index c30eda99a..845e89a57 100644
--- a/tests/modules/gke_cluster_autopilot/examples/basic.yaml
+++ b/tests/modules/gke_cluster_autopilot/examples/basic.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -44,6 +44,10 @@ values:
control_plane_endpoints_config:
- dns_endpoint_config:
- allow_external_traffic: true
+ ip_endpoints_config:
+ - enabled: true
+ cost_management_config:
+ - enabled: true
deletion_protection: true
description: null
dns_config: []
@@ -85,6 +89,7 @@ values:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
+ gcp_public_cidrs_access_enabled: false
min_master_version: null
monitoring_config:
- enable_components:
@@ -116,3 +121,10 @@ values:
goog-terraform-provisioned: 'true'
timeouts: null
user_managed_keys_config: []
+
+counts:
+ google_container_cluster: 1
+ modules: 1
+ resources: 1
+
+outputs: {}
diff --git a/tests/modules/gke_cluster_autopilot/examples/no-ip-access.yaml b/tests/modules/gke_cluster_autopilot/examples/no-ip-access.yaml
new file mode 100644
index 000000000..f02a051cd
--- /dev/null
+++ b/tests/modules/gke_cluster_autopilot/examples/no-ip-access.yaml
@@ -0,0 +1,123 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1.google_container_cluster.cluster:
+ addons_config:
+ - cloudrun_config:
+ - disabled: true
+ load_balancer_type: null
+ config_connector_config:
+ - enabled: false
+ gke_backup_agent_config:
+ - enabled: false
+ horizontal_pod_autoscaling:
+ - disabled: false
+ http_load_balancing:
+ - disabled: false
+ kalm_config:
+ - enabled: false
+ allow_net_admin: false
+ binary_authorization: []
+ cluster_autoscaling:
+ - auto_provisioning_defaults:
+ - boot_disk_kms_key: null
+ disk_size: null
+ disk_type: null
+ image_type: null
+ min_cpu_platform: null
+ service_account: default
+ shielded_instance_config: []
+ autoscaling_profile: null
+ resource_limits: []
+ control_plane_endpoints_config:
+ - dns_endpoint_config:
+ - allow_external_traffic: true
+ ip_endpoints_config:
+ - enabled: false
+ cost_management_config:
+ - enabled: true
+ deletion_protection: true
+ description: null
+ dns_config: []
+ effective_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ enable_autopilot: true
+ enable_cilium_clusterwide_network_policy: false
+ enable_fqdn_network_policy: false
+ enable_intranode_visibility: true
+ enable_k8s_beta_apis: []
+ enable_kubernetes_alpha: false
+ enable_l4_ilb_subsetting: false
+ enable_legacy_abac: false
+ enable_multi_networking: false
+ enable_shielded_nodes: true
+ enable_tpu: false
+ fleet: []
+ initial_node_count: 1
+ ip_allocation_policy:
+ - additional_pod_ranges_config: []
+ cluster_secondary_range_name: pods
+ services_secondary_range_name: services
+ stack_type: IPV4
+ location: europe-west1
+ logging_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ - WORKLOADS
+ maintenance_policy:
+ - daily_maintenance_window:
+ - start_time: 03:00
+ maintenance_exclusion: []
+ recurring_window: []
+ master_auth:
+ - client_certificate_config:
+ - issue_client_certificate: false
+ min_master_version: null
+ monitoring_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ managed_prometheus:
+ - enabled: true
+ name: cluster-1
+ network: projects/xxx/global/networks/aaa
+ network_policy: []
+ networking_mode: VPC_NATIVE
+ pod_security_policy_config: []
+ private_cluster_config:
+ - enable_private_endpoint: true
+ enable_private_nodes: true
+ private_endpoint_subnetwork: null
+ project: myproject
+ release_channel:
+ - channel: REGULAR
+ remove_default_node_pool: null
+ resource_labels:
+ environment: dev
+ resource_usage_export_config: []
+ secret_manager_config: []
+ subnetwork: subnet_self_link
+ terraform_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ timeouts: null
+ user_managed_keys_config: []
+
+counts:
+ google_container_cluster: 1
+ modules: 1
+ resources: 1
+
+outputs: {}
diff --git a/tests/modules/gke_cluster_standard/examples/access-google.yaml b/tests/modules/gke_cluster_standard/examples/access-google.yaml
new file mode 100644
index 000000000..6480b86ce
--- /dev/null
+++ b/tests/modules/gke_cluster_standard/examples/access-google.yaml
@@ -0,0 +1,160 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1.google_container_cluster.cluster:
+ addons_config:
+ - cloudrun_config:
+ - disabled: true
+ load_balancer_type: null
+ config_connector_config:
+ - enabled: false
+ dns_cache_config:
+ - enabled: true
+ gce_persistent_disk_csi_driver_config:
+ - enabled: true
+ gcp_filestore_csi_driver_config:
+ - enabled: true
+ gcs_fuse_csi_driver_config:
+ - enabled: true
+ gke_backup_agent_config:
+ - enabled: false
+ horizontal_pod_autoscaling:
+ - disabled: false
+ http_load_balancing:
+ - disabled: false
+ istio_config:
+ - auth: null
+ disabled: true
+ kalm_config:
+ - enabled: false
+ network_policy_config:
+ - disabled: true
+ stateful_ha_config:
+ - enabled: false
+ allow_net_admin: null
+ binary_authorization: []
+ control_plane_endpoints_config:
+ - dns_endpoint_config:
+ - allow_external_traffic: false
+ ip_endpoints_config:
+ - enabled: true
+ cost_management_config:
+ - enabled: true
+ datapath_provider: ADVANCED_DATAPATH
+ default_max_pods_per_node: 32
+ deletion_protection: true
+ description: null
+ dns_config: []
+ effective_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ enable_autopilot: null
+ enable_cilium_clusterwide_network_policy: false
+ enable_fqdn_network_policy: true
+ enable_intranode_visibility: false
+ enable_k8s_beta_apis: []
+ enable_kubernetes_alpha: false
+ enable_l4_ilb_subsetting: false
+ enable_legacy_abac: false
+ enable_multi_networking: false
+ enable_shielded_nodes: false
+ enable_tpu: false
+ fleet: []
+ initial_node_count: 1
+ ip_allocation_policy:
+ - additional_pod_ranges_config: []
+ cluster_secondary_range_name: pods
+ services_secondary_range_name: services
+ stack_type: IPV4
+ location: europe-west1-b
+ logging_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ maintenance_policy:
+ - daily_maintenance_window:
+ - start_time: 03:00
+ maintenance_exclusion: []
+ recurring_window: []
+ master_auth:
+ - client_certificate_config:
+ - issue_client_certificate: false
+ master_authorized_networks_config:
+ - cidr_blocks:
+ - cidr_block: 10.0.0.0/8
+ display_name: internal-vms
+ gcp_public_cidrs_access_enabled: false
+ min_master_version: null
+ monitoring_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ managed_prometheus:
+ - enabled: true
+ name: cluster-1
+ network: projects/xxx/global/networks/aaa
+ network_policy: []
+ node_config:
+ - advanced_machine_features: []
+ boot_disk_kms_key: null
+ containerd_config: []
+ enable_confidential_storage: null
+ ephemeral_storage_config: []
+ ephemeral_storage_local_ssd_config: []
+ fast_socket: []
+ gvnic: []
+ host_maintenance_policy: []
+ linux_node_config: []
+ local_nvme_ssd_block_config: []
+ local_ssd_encryption_mode: null
+ max_run_duration: null
+ node_group: null
+ preemptible: false
+ reservation_affinity: []
+ resource_labels: null
+ resource_manager_tags: null
+ sandbox_config: []
+ secondary_boot_disks: []
+ sole_tenant_config: []
+ spot: false
+ storage_pools: null
+ tags: null
+ taint: []
+ node_pool_defaults:
+ - node_config_defaults:
+ - containerd_config: []
+ gcfs_config:
+ - enabled: false
+ pod_security_policy_config: []
+ private_cluster_config: []
+ project: myproject
+ remove_default_node_pool: true
+ resource_labels:
+ environment: dev
+ resource_usage_export_config: []
+ secret_manager_config: []
+ subnetwork: subnet_self_link
+ terraform_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ timeouts: null
+ user_managed_keys_config: []
+ workload_identity_config:
+ - workload_pool: myproject.svc.id.goog
+
+counts:
+ google_container_cluster: 1
+ modules: 1
+ resources: 1
+
+outputs: {}
diff --git a/tests/modules/gke_cluster_standard/examples/access-private.yaml b/tests/modules/gke_cluster_standard/examples/access-private.yaml
index 0bae23a80..26b5817d8 100644
--- a/tests/modules/gke_cluster_standard/examples/access-private.yaml
+++ b/tests/modules/gke_cluster_standard/examples/access-private.yaml
@@ -48,6 +48,8 @@ values:
control_plane_endpoints_config:
- dns_endpoint_config:
- allow_external_traffic: true
+ ip_endpoints_config:
+ - enabled: true
cost_management_config:
- enabled: true
datapath_provider: ADVANCED_DATAPATH
@@ -92,6 +94,7 @@ values:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
+ gcp_public_cidrs_access_enabled: false
min_master_version: null
monitoring_config:
- enable_components:
diff --git a/tests/modules/gke_cluster_standard/examples/access-public.yaml b/tests/modules/gke_cluster_standard/examples/access-public.yaml
index af2a1ee5c..dd500303d 100644
--- a/tests/modules/gke_cluster_standard/examples/access-public.yaml
+++ b/tests/modules/gke_cluster_standard/examples/access-public.yaml
@@ -45,6 +45,11 @@ values:
- enabled: false
allow_net_admin: null
binary_authorization: []
+ control_plane_endpoints_config:
+ - dns_endpoint_config:
+ - allow_external_traffic: false
+ ip_endpoints_config:
+ - enabled: true
cost_management_config:
- enabled: true
datapath_provider: ADVANCED_DATAPATH
@@ -89,6 +94,7 @@ values:
- cidr_blocks:
- cidr_block: 8.8.8.8/32
display_name: corporate proxy
+ gcp_public_cidrs_access_enabled: false
min_master_version: null
monitoring_config:
- enable_components:
diff --git a/tests/modules/gke_cluster_standard/examples/no-ip-access.yaml b/tests/modules/gke_cluster_standard/examples/no-ip-access.yaml
new file mode 100644
index 000000000..f02a051cd
--- /dev/null
+++ b/tests/modules/gke_cluster_standard/examples/no-ip-access.yaml
@@ -0,0 +1,123 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1.google_container_cluster.cluster:
+ addons_config:
+ - cloudrun_config:
+ - disabled: true
+ load_balancer_type: null
+ config_connector_config:
+ - enabled: false
+ gke_backup_agent_config:
+ - enabled: false
+ horizontal_pod_autoscaling:
+ - disabled: false
+ http_load_balancing:
+ - disabled: false
+ kalm_config:
+ - enabled: false
+ allow_net_admin: false
+ binary_authorization: []
+ cluster_autoscaling:
+ - auto_provisioning_defaults:
+ - boot_disk_kms_key: null
+ disk_size: null
+ disk_type: null
+ image_type: null
+ min_cpu_platform: null
+ service_account: default
+ shielded_instance_config: []
+ autoscaling_profile: null
+ resource_limits: []
+ control_plane_endpoints_config:
+ - dns_endpoint_config:
+ - allow_external_traffic: true
+ ip_endpoints_config:
+ - enabled: false
+ cost_management_config:
+ - enabled: true
+ deletion_protection: true
+ description: null
+ dns_config: []
+ effective_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ enable_autopilot: true
+ enable_cilium_clusterwide_network_policy: false
+ enable_fqdn_network_policy: false
+ enable_intranode_visibility: true
+ enable_k8s_beta_apis: []
+ enable_kubernetes_alpha: false
+ enable_l4_ilb_subsetting: false
+ enable_legacy_abac: false
+ enable_multi_networking: false
+ enable_shielded_nodes: true
+ enable_tpu: false
+ fleet: []
+ initial_node_count: 1
+ ip_allocation_policy:
+ - additional_pod_ranges_config: []
+ cluster_secondary_range_name: pods
+ services_secondary_range_name: services
+ stack_type: IPV4
+ location: europe-west1
+ logging_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ - WORKLOADS
+ maintenance_policy:
+ - daily_maintenance_window:
+ - start_time: 03:00
+ maintenance_exclusion: []
+ recurring_window: []
+ master_auth:
+ - client_certificate_config:
+ - issue_client_certificate: false
+ min_master_version: null
+ monitoring_config:
+ - enable_components:
+ - SYSTEM_COMPONENTS
+ managed_prometheus:
+ - enabled: true
+ name: cluster-1
+ network: projects/xxx/global/networks/aaa
+ network_policy: []
+ networking_mode: VPC_NATIVE
+ pod_security_policy_config: []
+ private_cluster_config:
+ - enable_private_endpoint: true
+ enable_private_nodes: true
+ private_endpoint_subnetwork: null
+ project: myproject
+ release_channel:
+ - channel: REGULAR
+ remove_default_node_pool: null
+ resource_labels:
+ environment: dev
+ resource_usage_export_config: []
+ secret_manager_config: []
+ subnetwork: subnet_self_link
+ terraform_labels:
+ environment: dev
+ goog-terraform-provisioned: 'true'
+ timeouts: null
+ user_managed_keys_config: []
+
+counts:
+ google_container_cluster: 1
+ modules: 1
+ resources: 1
+
+outputs: {}
diff --git a/tests/modules/gke_cluster_standard/examples/regional.yaml b/tests/modules/gke_cluster_standard/examples/regional.yaml
index 667b72ac6..79bc83942 100644
--- a/tests/modules/gke_cluster_standard/examples/regional.yaml
+++ b/tests/modules/gke_cluster_standard/examples/regional.yaml
@@ -48,6 +48,8 @@ values:
control_plane_endpoints_config:
- dns_endpoint_config:
- allow_external_traffic: true
+ ip_endpoints_config:
+ - enabled: true
cost_management_config:
- enabled: true
datapath_provider: ADVANCED_DATAPATH
@@ -92,6 +94,7 @@ values:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
+ gcp_public_cidrs_access_enabled: false
min_master_version: null
monitoring_config:
- enable_components:
diff --git a/tests/modules/vpc_sc/examples/regular.yaml b/tests/modules/vpc_sc/examples/regular.yaml
index d352c097a..e84dea712 100644
--- a/tests/modules/vpc_sc/examples/regular.yaml
+++ b/tests/modules/vpc_sc/examples/regular.yaml
@@ -24,9 +24,12 @@ values:
negate: null
regions: []
required_access_levels: []
+ vpc_network_sources: []
custom: []
+ description: null
name: accessPolicies/12345678/accessLevels/a1
parent: accessPolicies/12345678
+ timeouts: null
title: a1
module.test.google_access_context_manager_access_level.basic["a2"]:
basic:
@@ -39,11 +42,15 @@ values:
negate: null
regions: []
required_access_levels: []
+ vpc_network_sources: []
custom: []
+ description: null
name: accessPolicies/12345678/accessLevels/a2
parent: accessPolicies/12345678
+ timeouts: null
title: a2
module.test.google_access_context_manager_service_perimeter.regular["r1"]:
+ description: null
name: accessPolicies/12345678/servicePerimeters/r1
parent: accessPolicies/12345678
perimeter_type: PERIMETER_TYPE_REGULAR
@@ -54,6 +61,8 @@ values:
- identities:
- serviceAccount:foo@myproject.iam.gserviceaccount.com
identity_type: null
+ source_restriction: SOURCE_RESTRICTION_DISABLED
+ sources: []
egress_to:
- external_resources: null
operations:
@@ -63,20 +72,41 @@ values:
service_name: storage.googleapis.com
resources:
- projects/123456789
+ roles: null
+ title: gcs-sa-foo
ingress_policies:
- ingress_from:
- identities:
- - serviceAccount:test-tf-0@myproject.iam.gserviceaccount.com
- - serviceAccount:test-tf-1@myproject.iam.gserviceaccount.com
+ - serviceAccount:test-tf-2@myproject.iam.gserviceaccount.com
identity_type: null
sources:
- - resource: null
+ - access_level: '*'
+ resource: null
ingress_to:
- operations:
- method_selectors: []
service_name: '*'
resources:
- '*'
+ roles:
+ - roles/storage.objectViewer
+ title: sa-roles
+ - ingress_from:
+ - identities:
+ - serviceAccount:test-tf-0@myproject.iam.gserviceaccount.com
+ - serviceAccount:test-tf-1@myproject.iam.gserviceaccount.com
+ identity_type: null
+ sources:
+ - access_level: '*'
+ resource: null
+ ingress_to:
+ - operations:
+ - method_selectors: []
+ service_name: '*'
+ resources:
+ - '*'
+ roles: null
+ title: sa-tf-test
resources:
- projects/1111
- projects/2222
@@ -86,6 +116,7 @@ values:
- allowed_services:
- storage.googleapis.com
enable_restriction: true
+ timeouts: null
title: r1
use_explicit_dry_run_spec: false
diff --git a/tools/lockfile/versions.tf b/tools/lockfile/versions.tf
index 78619b0de..dce6d9769 100644
--- a/tools/lockfile/versions.tf
+++ b/tools/lockfile/versions.tf
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {
diff --git a/tools/lockfile/versions.tofu b/tools/lockfile/versions.tofu
index 23cc7d77d..2ec3b260a 100644
--- a/tools/lockfile/versions.tofu
+++ b/tools/lockfile/versions.tofu
@@ -19,11 +19,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 6.21.0, < 7.0.0" # tftest
+ version = ">= 6.28.0, < 7.0.0" # tftest
}
}
provider_meta "google" {