Allow setting resource policies in compute-vm module (#3336)
* allow setting resource policies in compute-vm module * Update modules/compute-vm/resource-policies.tf Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com> * revert splat change --------- Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
This commit is contained in:
Ludovico Magnocavallo
committed by
GitHub
GitHub
parent
4102e53588
commit
f7e7b2ccf8
@@ -36,7 +36,7 @@ In both modes, an optional service account can be created and assigned to either
|
|||||||
- [Global template](#global-template)
|
- [Global template](#global-template)
|
||||||
- [Regional template](#regional-template)
|
- [Regional template](#regional-template)
|
||||||
- [Instance group](#instance-group)
|
- [Instance group](#instance-group)
|
||||||
- [Instance Schedule](#instance-schedule)
|
- [Instance Schedule and Resource Policies](#instance-schedule-and-resource-policies)
|
||||||
- [Snapshot Schedules](#snapshot-schedules)
|
- [Snapshot Schedules](#snapshot-schedules)
|
||||||
- [Resource Manager Tags](#resource-manager-tags)
|
- [Resource Manager Tags](#resource-manager-tags)
|
||||||
- [Sole Tenancy](#sole-tenancy)
|
- [Sole Tenancy](#sole-tenancy)
|
||||||
@@ -740,11 +740,9 @@ module "instance-group" {
|
|||||||
# tftest inventory=group.yaml e2e
|
# tftest inventory=group.yaml e2e
|
||||||
```
|
```
|
||||||
|
|
||||||
### Instance Schedule
|
### Instance Schedule and Resource Policies
|
||||||
|
|
||||||
Instance start and stop schedules can be defined via an existing or auto-created resource policy. This functionality requires [additional permissions on Compute Engine Service Agent](https://cloud.google.com/compute/docs/instances/schedule-instance-start-stop#service_agent_required_roles)
|
One instance start and stop schedule can be defined via the `instance_schedule` variable. Note that this requires [additional permissions on Compute Engine Service Agent](https://cloud.google.com/compute/docs/instances/schedule-instance-start-stop#service_agent_required_roles). Already defined resource policies can be set via the `resource_policies` variable.
|
||||||
|
|
||||||
To use an existing policy pass its id to the `instance_schedule` variable:
|
|
||||||
|
|
||||||
```hcl
|
```hcl
|
||||||
module "instance" {
|
module "instance" {
|
||||||
@@ -761,9 +759,9 @@ module "instance" {
|
|||||||
image = "projects/cos-cloud/global/images/family/cos-stable"
|
image = "projects/cos-cloud/global/images/family/cos-stable"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
instance_schedule = {
|
resource_policies = [
|
||||||
resource_policy_id = "projects/${var.project_id}/regions/${var.region}/resourcePolicies/test"
|
"projects/${var.project_id}/regions/${var.region}/resourcePolicies/test"
|
||||||
}
|
]
|
||||||
}
|
}
|
||||||
# tftest inventory=instance-schedule-id.yaml
|
# tftest inventory=instance-schedule-id.yaml
|
||||||
```
|
```
|
||||||
@@ -805,10 +803,8 @@ module "instance" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
instance_schedule = {
|
instance_schedule = {
|
||||||
create_config = {
|
vm_start = "0 8 * * *"
|
||||||
vm_start = "0 8 * * *"
|
vm_stop = "0 17 * * *"
|
||||||
vm_stop = "0 17 * * *"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
depends_on = [module.project] # ensure that grants are complete before creating schedule / instance
|
depends_on = [module.project] # ensure that grants are complete before creating schedule / instance
|
||||||
}
|
}
|
||||||
@@ -941,10 +937,10 @@ module "sole-tenancy" {
|
|||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [name](variables.tf#L277) | Instance name. | <code>string</code> | ✓ | |
|
| [name](variables.tf#L266) | Instance name. | <code>string</code> | ✓ | |
|
||||||
| [network_interfaces](variables.tf#L289) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ network = string subnetwork = string alias_ips = optional(map(string), {}) nat = optional(bool, false) nic_type = optional(string) stack_type = optional(string) addresses = optional(object({ internal = optional(string) external = optional(string) }), null) network_tier = optional(string) }))">list(object({…}))</code> | ✓ | |
|
| [network_interfaces](variables.tf#L278) | Network interfaces configuration. Use self links for Shared VPC, set addresses to null if not needed. | <code title="list(object({ network = string subnetwork = string alias_ips = optional(map(string), {}) nat = optional(bool, false) nic_type = optional(string) stack_type = optional(string) addresses = optional(object({ internal = optional(string) external = optional(string) }), null) network_tier = optional(string) }))">list(object({…}))</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L374) | Project id. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L363) | Project id. | <code>string</code> | ✓ | |
|
||||||
| [zone](variables.tf#L487) | Compute zone. | <code>string</code> | ✓ | |
|
| [zone](variables.tf#L483) | Compute zone. | <code>string</code> | ✓ | |
|
||||||
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object({ auto_delete = optional(bool, false) mode = string replica_zone = string type = string })">object({…})</code> | | <code title="{ auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" }">{…}</code> |
|
| [attached_disk_defaults](variables.tf#L17) | Defaults for attached disks options. | <code title="object({ auto_delete = optional(bool, false) mode = string replica_zone = string type = string })">object({…})</code> | | <code title="{ auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" }">{…}</code> |
|
||||||
| [attached_disks](variables.tf#L37) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list(object({ name = optional(string) device_name = optional(string) size = string snapshot_schedule = optional(list(string)) source = optional(string) source_type = optional(string) options = optional( object({ auto_delete = optional(bool, false) mode = optional(string, "READ_WRITE") replica_zone = optional(string) type = optional(string, "pd-balanced") }), { auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" } ) }))">list(object({…}))</code> | | <code>[]</code> |
|
| [attached_disks](variables.tf#L37) | Additional disks, if options is null defaults will be used in its place. Source type is one of 'image' (zonal disks in vms and template), 'snapshot' (vm), 'existing', and null. | <code title="list(object({ name = optional(string) device_name = optional(string) size = string snapshot_schedule = optional(list(string)) source = optional(string) source_type = optional(string) options = optional( object({ auto_delete = optional(bool, false) mode = optional(string, "READ_WRITE") replica_zone = optional(string) type = optional(string, "pd-balanced") }), { auto_delete = true mode = "READ_WRITE" replica_zone = null type = "pd-balanced" } ) }))">list(object({…}))</code> | | <code>[]</code> |
|
||||||
| [boot_disk](variables.tf#L82) | Boot disk properties. Initialize params are ignored when source is set. | <code title="object({ auto_delete = optional(bool, true) snapshot_schedule = optional(list(string)) source = optional(string) initialize_params = optional(object({ image = optional(string, "projects/debian-cloud/global/images/family/debian-11") size = optional(number, 10) type = optional(string, "pd-balanced") }), {}) use_independent_disk = optional(bool, false) })">object({…})</code> | | <code title="{ initialize_params = {} }">{…}</code> |
|
| [boot_disk](variables.tf#L82) | Boot disk properties. Initialize params are ignored when source is set. | <code title="object({ auto_delete = optional(bool, true) snapshot_schedule = optional(list(string)) source = optional(string) initialize_params = optional(object({ image = optional(string, "projects/debian-cloud/global/images/family/debian-11") size = optional(number, 10) type = optional(string, "pd-balanced") }), {}) use_independent_disk = optional(bool, false) })">object({…})</code> | | <code title="{ initialize_params = {} }">{…}</code> |
|
||||||
@@ -958,23 +954,24 @@ module "sole-tenancy" {
|
|||||||
| [group](variables.tf#L191) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object({ named_ports = map(number) })">object({…})</code> | | <code>null</code> |
|
| [group](variables.tf#L191) | Define this variable to create an instance group for instances. Disabled for template use. | <code title="object({ named_ports = map(number) })">object({…})</code> | | <code>null</code> |
|
||||||
| [hostname](variables.tf#L199) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
|
| [hostname](variables.tf#L199) | Instance FQDN name. | <code>string</code> | | <code>null</code> |
|
||||||
| [iam](variables.tf#L205) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [iam](variables.tf#L205) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [instance_schedule](variables.tf#L211) | Assign or create and assign an instance schedule policy. Either resource policy id or create_config must be specified if not null. Set active to null to dtach a policy from vm before destroying. | <code title="object({ resource_policy_id = optional(string) create_config = optional(object({ active = optional(bool, true) description = optional(string) expiration_time = optional(string) start_time = optional(string) timezone = optional(string, "UTC") vm_start = optional(string) vm_stop = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
| [instance_schedule](variables.tf#L211) | Assign or create and assign an instance schedule policy. Either resource policy id or create_config must be specified if not null. Set active to null to dtach a policy from vm before destroying. | <code title="object({ active = optional(bool, true) description = optional(string) expiration_time = optional(string) start_time = optional(string) timezone = optional(string, "UTC") vm_start = optional(string) vm_stop = optional(string) })">object({…})</code> | | <code>null</code> |
|
||||||
| [instance_type](variables.tf#L246) | Instance type. | <code>string</code> | | <code>"f1-micro"</code> |
|
| [instance_type](variables.tf#L235) | Instance type. | <code>string</code> | | <code>"f1-micro"</code> |
|
||||||
| [labels](variables.tf#L252) | Instance labels. | <code>map(string)</code> | | <code>{}</code> |
|
| [labels](variables.tf#L241) | Instance labels. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [metadata](variables.tf#L258) | Instance metadata. | <code>map(string)</code> | | <code>{}</code> |
|
| [metadata](variables.tf#L247) | Instance metadata. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [metadata_startup_script](variables.tf#L264) | Instance startup script. Will trigger recreation on change, even after importing. | <code>string</code> | | <code>null</code> |
|
| [metadata_startup_script](variables.tf#L253) | Instance startup script. Will trigger recreation on change, even after importing. | <code>string</code> | | <code>null</code> |
|
||||||
| [min_cpu_platform](variables.tf#L271) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
|
| [min_cpu_platform](variables.tf#L260) | Minimum CPU platform. | <code>string</code> | | <code>null</code> |
|
||||||
| [network_attached_interfaces](variables.tf#L282) | Network interfaces using network attachments. | <code>list(string)</code> | | <code>[]</code> |
|
| [network_attached_interfaces](variables.tf#L271) | Network interfaces using network attachments. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
| [network_tag_bindings](variables.tf#L310) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance only for networking purposes, and modifiable without impacting the main resource lifecycle. | <code>map(string)</code> | | <code>{}</code> |
|
| [network_tag_bindings](variables.tf#L299) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance only for networking purposes, and modifiable without impacting the main resource lifecycle. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [options](variables.tf#L317) | Instance options. | <code title="object({ advanced_machine_features = optional(object({ enable_nested_virtualization = optional(bool) enable_turbo_mode = optional(bool) enable_uefi_networking = optional(bool) performance_monitoring_unit = optional(string) threads_per_core = optional(number) visible_core_count = optional(number) })) allow_stopping_for_update = optional(bool, true) deletion_protection = optional(bool, false) graceful_shutdown = optional(object({ enabled = optional(bool, false) max_duration_secs = optional(number) })) max_run_duration = optional(object({ nanos = optional(number) seconds = number })) node_affinities = optional(map(object({ values = list(string) in = optional(bool, true) })), {}) spot = optional(bool, false) termination_action = optional(string) })">object({…})</code> | | <code title="{ allow_stopping_for_update = true deletion_protection = false spot = false termination_action = null }">{…}</code> |
|
| [options](variables.tf#L306) | Instance options. | <code title="object({ advanced_machine_features = optional(object({ enable_nested_virtualization = optional(bool) enable_turbo_mode = optional(bool) enable_uefi_networking = optional(bool) performance_monitoring_unit = optional(string) threads_per_core = optional(number) visible_core_count = optional(number) })) allow_stopping_for_update = optional(bool, true) deletion_protection = optional(bool, false) graceful_shutdown = optional(object({ enabled = optional(bool, false) max_duration_secs = optional(number) })) max_run_duration = optional(object({ nanos = optional(number) seconds = number })) node_affinities = optional(map(object({ values = list(string) in = optional(bool, true) })), {}) spot = optional(bool, false) termination_action = optional(string) })">object({…})</code> | | <code title="{ allow_stopping_for_update = true deletion_protection = false spot = false termination_action = null }">{…}</code> |
|
||||||
| [project_number](variables.tf#L379) | Project number. Used in tag bindings to avoid a permadiff. | <code>string</code> | | <code>null</code> |
|
| [project_number](variables.tf#L368) | Project number. Used in tag bindings to avoid a permadiff. | <code>string</code> | | <code>null</code> |
|
||||||
| [scratch_disks](variables.tf#L385) | Scratch disks configuration. | <code title="object({ count = number interface = string })">object({…})</code> | | <code title="{ count = 0 interface = "NVME" }">{…}</code> |
|
| [resource_policies](variables.tf#L374) | Resource policies to attach to the instance or template. | <code>list(string)</code> | | <code>null</code> |
|
||||||
| [service_account](variables.tf#L397) | Service account email and scopes. If email is null, the default Compute service account will be used unless auto_create is true, in which case a service account will be created. Set the variable to null to avoid attaching a service account. | <code title="object({ auto_create = optional(bool, false) email = optional(string) scopes = optional(list(string)) })">object({…})</code> | | <code>{}</code> |
|
| [scratch_disks](variables.tf#L381) | Scratch disks configuration. | <code title="object({ count = number interface = string })">object({…})</code> | | <code title="{ count = 0 interface = "NVME" }">{…}</code> |
|
||||||
| [shielded_config](variables.tf#L407) | Shielded VM configuration of the instances. | <code title="object({ enable_secure_boot = bool enable_vtpm = bool enable_integrity_monitoring = bool })">object({…})</code> | | <code>null</code> |
|
| [service_account](variables.tf#L393) | Service account email and scopes. If email is null, the default Compute service account will be used unless auto_create is true, in which case a service account will be created. Set the variable to null to avoid attaching a service account. | <code title="object({ auto_create = optional(bool, false) email = optional(string) scopes = optional(list(string)) })">object({…})</code> | | <code>{}</code> |
|
||||||
| [snapshot_schedules](variables.tf#L417) | Snapshot schedule resource policies that can be attached to disks. | <code title="map(object({ schedule = object({ daily = optional(object({ days_in_cycle = number start_time = string })) hourly = optional(object({ hours_in_cycle = number start_time = string })) weekly = optional(list(object({ day = string start_time = string }))) }) description = optional(string) retention_policy = optional(object({ max_retention_days = number on_source_disk_delete_keep = optional(bool) })) snapshot_properties = optional(object({ chain_name = optional(string) guest_flush = optional(bool) labels = optional(map(string)) storage_locations = optional(list(string)) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [shielded_config](variables.tf#L403) | Shielded VM configuration of the instances. | <code title="object({ enable_secure_boot = bool enable_vtpm = bool enable_integrity_monitoring = bool })">object({…})</code> | | <code>null</code> |
|
||||||
| [tag_bindings](variables.tf#L460) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance and zonal disks, and modifiable without impacting the main resource lifecycle. | <code>map(string)</code> | | <code>{}</code> |
|
| [snapshot_schedules](variables.tf#L413) | Snapshot schedule resource policies that can be attached to disks. | <code title="map(object({ schedule = object({ daily = optional(object({ days_in_cycle = number start_time = string })) hourly = optional(object({ hours_in_cycle = number start_time = string })) weekly = optional(list(object({ day = string start_time = string }))) }) description = optional(string) retention_policy = optional(object({ max_retention_days = number on_source_disk_delete_keep = optional(bool) })) snapshot_properties = optional(object({ chain_name = optional(string) guest_flush = optional(bool) labels = optional(map(string)) storage_locations = optional(list(string)) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [tag_bindings_immutable](variables.tf#L467) | Immutable resource manager tag bindings, in tagKeys/id => tagValues/id format. These are set on the instance or instance template at creation time, and trigger recreation if changed. | <code>map(string)</code> | | <code>null</code> |
|
| [tag_bindings](variables.tf#L456) | Resource manager tag bindings in arbitrary key => tag key or value id format. Set on both the instance and zonal disks, and modifiable without impacting the main resource lifecycle. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
| [tags](variables.tf#L481) | Instance network tags for firewall rule targets. | <code>list(string)</code> | | <code>[]</code> |
|
| [tag_bindings_immutable](variables.tf#L463) | Immutable resource manager tag bindings, in tagKeys/id => tagValues/id format. These are set on the instance or instance template at creation time, and trigger recreation if changed. | <code>map(string)</code> | | <code>null</code> |
|
||||||
|
| [tags](variables.tf#L477) | Instance network tags for firewall rule targets. | <code>list(string)</code> | | <code>[]</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|||||||
@@ -159,7 +159,14 @@ resource "google_compute_instance" "default" {
|
|||||||
labels = var.labels
|
labels = var.labels
|
||||||
metadata = var.metadata
|
metadata = var.metadata
|
||||||
metadata_startup_script = var.metadata_startup_script
|
metadata_startup_script = var.metadata_startup_script
|
||||||
resource_policies = local.ischedule_attach
|
resource_policies = (
|
||||||
|
var.resource_policies == null && var.instance_schedule == null
|
||||||
|
? null
|
||||||
|
: concat(
|
||||||
|
coalesce(var.resource_policies, []),
|
||||||
|
coalesce(local.ischedule, [])
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
dynamic "advanced_machine_features" {
|
dynamic "advanced_machine_features" {
|
||||||
for_each = local.advanced_mf != null ? [""] : []
|
for_each = local.advanced_mf != null ? [""] : []
|
||||||
|
|||||||
@@ -17,19 +17,9 @@
|
|||||||
# tfdoc:file:description Resource policies.
|
# tfdoc:file:description Resource policies.
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
ischedule = try(var.instance_schedule.create_config, null)
|
ischedule = var.instance_schedule == null ? null : [
|
||||||
ischedule_attach = var.instance_schedule == null ? null : (
|
google_compute_resource_policy.schedule[0].id
|
||||||
var.instance_schedule.create_config != null
|
]
|
||||||
# created policy with optional attach to allow policy destroy
|
|
||||||
? (
|
|
||||||
var.instance_schedule.create_config.active
|
|
||||||
? [google_compute_resource_policy.schedule[0].id]
|
|
||||||
: null
|
|
||||||
)
|
|
||||||
# externally managed policy
|
|
||||||
: [var.instance_schedule.resource_policy_id]
|
|
||||||
)
|
|
||||||
|
|
||||||
disk_zonal_schedule_attachments = flatten([
|
disk_zonal_schedule_attachments = flatten([
|
||||||
for disk_key, disk_data in try(local.attached_disks_zonal, []) :
|
for disk_key, disk_data in try(local.attached_disks_zonal, []) :
|
||||||
disk_data.snapshot_schedule != null ? [
|
disk_data.snapshot_schedule != null ? [
|
||||||
@@ -55,27 +45,27 @@ locals {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_resource_policy" "schedule" {
|
resource "google_compute_resource_policy" "schedule" {
|
||||||
count = local.ischedule != null ? 1 : 0
|
count = var.instance_schedule != null ? 1 : 0
|
||||||
project = var.project_id
|
project = var.project_id
|
||||||
region = substr(var.zone, 0, length(var.zone) - 2)
|
region = substr(var.zone, 0, length(var.zone) - 2)
|
||||||
name = var.name
|
name = var.name
|
||||||
description = coalesce(
|
description = coalesce(
|
||||||
local.ischedule.description, "Schedule policy for ${var.name}."
|
var.instance_schedule.description, "Schedule policy for ${var.name}."
|
||||||
)
|
)
|
||||||
instance_schedule_policy {
|
instance_schedule_policy {
|
||||||
expiration_time = local.ischedule.expiration_time
|
expiration_time = var.instance_schedule.expiration_time
|
||||||
start_time = local.ischedule.start_time
|
start_time = var.instance_schedule.start_time
|
||||||
time_zone = local.ischedule.timezone
|
time_zone = var.instance_schedule.timezone
|
||||||
dynamic "vm_start_schedule" {
|
dynamic "vm_start_schedule" {
|
||||||
for_each = local.ischedule.vm_start != null ? [""] : []
|
for_each = var.instance_schedule.vm_start != null ? [""] : []
|
||||||
content {
|
content {
|
||||||
schedule = local.ischedule.vm_start
|
schedule = var.instance_schedule.vm_start
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
dynamic "vm_stop_schedule" {
|
dynamic "vm_stop_schedule" {
|
||||||
for_each = local.ischedule.vm_stop != null ? [""] : []
|
for_each = var.instance_schedule.vm_stop != null ? [""] : []
|
||||||
content {
|
content {
|
||||||
schedule = local.ischedule.vm_stop
|
schedule = var.instance_schedule.vm_stop
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -34,7 +34,14 @@ resource "google_compute_instance_template" "default" {
|
|||||||
metadata_startup_script = var.metadata_startup_script
|
metadata_startup_script = var.metadata_startup_script
|
||||||
labels = var.labels
|
labels = var.labels
|
||||||
resource_manager_tags = var.tag_bindings_immutable
|
resource_manager_tags = var.tag_bindings_immutable
|
||||||
|
resource_policies = (
|
||||||
|
var.resource_policies == null && var.instance_schedule == null
|
||||||
|
? null
|
||||||
|
: concat(
|
||||||
|
coalesce(var.resource_policies, []),
|
||||||
|
coalesce(local.ischedule, [])
|
||||||
|
)
|
||||||
|
)
|
||||||
dynamic "advanced_machine_features" {
|
dynamic "advanced_machine_features" {
|
||||||
for_each = local.advanced_mf != null ? [""] : []
|
for_each = local.advanced_mf != null ? [""] : []
|
||||||
content {
|
content {
|
||||||
@@ -226,7 +233,14 @@ resource "google_compute_region_instance_template" "default" {
|
|||||||
metadata_startup_script = var.metadata_startup_script
|
metadata_startup_script = var.metadata_startup_script
|
||||||
labels = var.labels
|
labels = var.labels
|
||||||
resource_manager_tags = var.tag_bindings_immutable
|
resource_manager_tags = var.tag_bindings_immutable
|
||||||
|
resource_policies = (
|
||||||
|
var.resource_policies == null && var.instance_schedule == null
|
||||||
|
? null
|
||||||
|
: concat(
|
||||||
|
coalesce(var.resource_policies, []),
|
||||||
|
coalesce(local.ischedule, [])
|
||||||
|
)
|
||||||
|
)
|
||||||
dynamic "advanced_machine_features" {
|
dynamic "advanced_machine_features" {
|
||||||
for_each = local.advanced_mf != null ? [""] : []
|
for_each = local.advanced_mf != null ? [""] : []
|
||||||
content {
|
content {
|
||||||
|
|||||||
@@ -211,35 +211,24 @@ variable "iam" {
|
|||||||
variable "instance_schedule" {
|
variable "instance_schedule" {
|
||||||
description = "Assign or create and assign an instance schedule policy. Either resource policy id or create_config must be specified if not null. Set active to null to dtach a policy from vm before destroying."
|
description = "Assign or create and assign an instance schedule policy. Either resource policy id or create_config must be specified if not null. Set active to null to dtach a policy from vm before destroying."
|
||||||
type = object({
|
type = object({
|
||||||
resource_policy_id = optional(string)
|
active = optional(bool, true)
|
||||||
create_config = optional(object({
|
description = optional(string)
|
||||||
active = optional(bool, true)
|
expiration_time = optional(string)
|
||||||
description = optional(string)
|
start_time = optional(string)
|
||||||
expiration_time = optional(string)
|
timezone = optional(string, "UTC")
|
||||||
start_time = optional(string)
|
vm_start = optional(string)
|
||||||
timezone = optional(string, "UTC")
|
vm_stop = optional(string)
|
||||||
vm_start = optional(string)
|
|
||||||
vm_stop = optional(string)
|
|
||||||
}))
|
|
||||||
})
|
})
|
||||||
default = null
|
default = null
|
||||||
validation {
|
validation {
|
||||||
condition = (
|
condition = (
|
||||||
var.instance_schedule == null ||
|
var.instance_schedule == null ||
|
||||||
try(var.instance_schedule.resource_policy_id, null) != null ||
|
|
||||||
try(var.instance_schedule.create_config, null) != null
|
|
||||||
)
|
|
||||||
error_message = "A resource policy name or configuration must be specified when not null."
|
|
||||||
}
|
|
||||||
validation {
|
|
||||||
condition = (
|
|
||||||
try(var.instance_schedule.create_config, null) == null ||
|
|
||||||
length(compact([
|
length(compact([
|
||||||
try(var.instance_schedule.create_config.vm_start, null),
|
try(var.instance_schedule.vm_start, null),
|
||||||
try(var.instance_schedule.create_config.vm_stop, null)
|
try(var.instance_schedule.vm_stop, null)
|
||||||
])) > 0
|
])) > 0
|
||||||
)
|
)
|
||||||
error_message = "A resource policy configuration must contain at least one schedule."
|
error_message = "An instance schedule must contain at least one schedule."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -382,6 +371,13 @@ variable "project_number" {
|
|||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "resource_policies" {
|
||||||
|
description = "Resource policies to attach to the instance or template."
|
||||||
|
type = list(string)
|
||||||
|
nullable = true
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
variable "scratch_disks" {
|
variable "scratch_disks" {
|
||||||
description = "Scratch disks configuration."
|
description = "Scratch disks configuration."
|
||||||
type = object({
|
type = object({
|
||||||
|
|||||||
Reference in New Issue
Block a user