* Update Cloud Run v2 GPU examples in README
Remove launch_stage = "BETA" from examples as it now defaults to GA in the provider. This fixes E2E test failures where the API returns GA. Reference: https://github.com/hashicorp/terraform-provider-google/pull/17029
TAG=agy
* Fix KMS and Compute VM E2E test failures
Update README examples to avoid conflicts and unsupported modes, and update corresponding inventories.
TAG=agy
* Add instruction to run a single specific example test in GEMINI.md
TAG=agy
* Allow creation of dynamic tags
* Extend project factory and related modules to support dynamic values
* Extend folder and organization modules
* project and organization readme
* Simplify dynamic tag support and remove unnecessary restrictions
• Schemas & Validations: Removed the restriction that forbade combining IAM fields with allowed_values_regex on tags. Updated validations in project and organization modules, and
simplified all relevant JSON schemas.
• Module Tag Bindings: Simplified the tag_value assignment in folder , project , gcs , bigquery-dataset , and kms modules by removing the defensive can(regex(...)) check and
calling templatestring directly.
• Outputs: Removed the tags_dynamic output from project and organization modules, as the same information is now available in tag_keys .
• Project Factory: Updated tag_vars_projects in projects.tf to use the native namespaced_name attribute and filtered manually for dynamic tags.
* fix(organization, project): fix linting and tests for dynamic tag support
- Align allowed_values_regex and description extraction in _tags_merged
locals to use lookup() for consistency with other fields.
- Fix spacing in project context variable (alphabetical ordering).
- Update organization tags test to include the new cost_center tag key
with allowed_values_regex.
- Update project tags test to include the new cost_center tag key and
reflect the resolved allowed_values_regex on environment.
* refactor(gcs): refine tag bindings and fix context test
- Add _tag_bindings local to pre-resolve context references, enabling
templatestring to receive a direct map reference (required by Terraform).
- Use var.context.tag_vars instead of the non-existent local.ctx.tag_vars.
- Fix HCL syntax in context.tfvars (escaped inner quotes).
- Update context test inventory to reflect 3 tag bindings including a
dynamic value resolved via templatestring.
* refactor: align modules with tag binding context pattern
- Add _tag_bindings local + templatestring dance to cloud-run-v2,
compute-vm, folder, kms modules (bigquery-dataset already had it)
- Exclude tag_vars from local.ctx in cloud-run-v2, compute-vm, folder,
kms, project modules (bigquery-dataset already had it)
- Add tag_vars to context variable in cloud-run-v2, compute-vm modules
(others already had it)
- Update all context tests with dynamic tag binding values using
var.context.tag_vars
* docs: add module-level tftest.yaml test instructions to GEMINI.md
* docs: regenerate READMEs after tag-regex alignment
- Regenerate variable tables in 7 module READMEs to reflect
line number shifts from prior tag-regex changes
- Add tag_vars exclusion to gcs ctx local
- Fix whitespace alignment in iam-service-account and
project-factory tag_vars blocks
- Update tftest resource counts for organization and project
- Remove tags_dynamic from organization/project output tables
* fix(project-factory): update test inventory for tag_bindings module split
- Move tag binding address from folder-2 to folder-2-iam in test
inventory (tag_bindings moved from creation to IAM modules)
- Update module instance count from 34 to 35
- Regenerate README tables after terraform fmt line shifts
- Apply terraform fmt to variables.tf
* refactor(project-factory): remove unnecessary depends_on from folder-iam modules
Folder IAM modules depend on their own folder creation modules, not
on module.projects. The explicit depends_on was leftover from an
earlier design.
* FAST stages
* Address review comments.
- FAST Stages:
- Added tag_keys to output-files.tf in 0-org-setup to pass org tags via tfvars.
- Sorted tag_keys and tag_values in output-files.tf.
- Updated project-factory, networking, and security stages to use tag_keys.
- Filtered tag_keys for dynamic tags only.
- Modules:
- Excluded tag_vars from local.ctx in iam-service-account and organization.
- Simplified tag_value in iam-service-account.
- Tests:
- Updated test inventories for 0-org-setup and project-factory.
* Fix tf format
* Fix tfdoc
* docs: add ADR for templatestring vars convention and update status of base path ADR
* More tfdoc
* Update schemas
* Use endswith in context loop
* Address review
* Update FAST readmes
* Update last modules
* Terraform fmt
* Revert alloydb
* Fix whitespace
---------
Co-authored-by: Ludovico Magnocavallo <ludo@qix.it>
* wip
* wip
* fix contexts
* cas factory
* add support for context to cas module
* cas module contexts and tests
* cas factory
* rename legacy security stage, add test for new stage
* readmes
* doc
* tfdoc
* doc, outputs
* update inventory
* VPN-HA module initial commit
* Added readme for net-vpn-ha module
* Update readme, add simple description
* Merge new modules list and environments foundation example (#30)
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* gke-cluster
* net-vpc module and tests
* add TODO to net-vpc module
* add minimal README files with input/output variables to gke and net-vpc modules
* BigQuery Module (#24)
* Bigquery Module
* Added README file
* Added type hints
* GCS module
* net vpc module: improve secondary range outputs
* net vpc module: add serve project registration
* project module
* move bigquery module to not-ready folder
* folders module
* rename project module's iam variables
* slight tweak to folder module outputs
* gcs module
* simplify net-vpc module variables
* fix module tests configurations, fix net-vpc module tests
* add pydoc utility
* add/update module READMEs
* add/update module READMEs
* add/update module READMEs
* improve variable type summary generation in tfdoc
* tfdoc: add support for replacing doc in README.md files
* improve module READMEs
* net-vpc-firewall module
* add support for sensitive output attribute in tfdoc
* remove empty function from tfdoc
* render variable type as code in tfdoc
* update module READMEs
* net address module
* net cloudnat module
* remove redundant variable from net-cloudnat module
* vpc module: add support for peering, use network name as subnet name prefix
* net-vpn-static module
* net-vpn-static module README
* net-vpn-static module README
* tfdoc: fix error on undeclared variable type
* dns module
* set version for all modules
* kms module (untested)
* change kms key self links output to map, fix gcs and kms iam variable descriptions
* fix kms module
* update kms module readme
* simplify local iam pairs in modules
* service accounts module (unfinished)
* work on service accounts module
* project module: add gcr service account
* project module: update outputs in README
* first working version of the iam service accounts module
* iam service accounts module: extra checks in locals
* modules/net-cloudnat: reorder variables
* modules/net-vpn-dynamic: initial import (untested)
* modules/net-vpn-dynamic: first working version
* modules/net-vpn-dynamic: add outputs for auto-created router
* modules/net-vpn-dynamic: update README
* modules/net-[vpn,cloudnat]: clean up variable,s remove prefix
* modules/net-vpn-dynamic: add advertisement configuration to tunnel bgp peer, refactor variables
* tfdoc: add tooltips for variable types and defaults
* modules: update README variables and outputs
* tfdoc: improve variable default rendering
* modules: update README variables and outputs
* modules/net-vpc: minimal output refactoring
* modules/vm-cos: initial import, base resources working, no outputs
* modules/vm-cos: add variable descriptions
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* tfdoc: fix parsing in type and default blocks
* modules/vm-cos: fix README
* modules/compute-vm: initial working import (not fully tested)
* modules/vm-cos: move to not-ready
* tfdoc: fix variable defaults formatting
* modules: update README files with tfdoc fixes
* modules: add initial examples
* gke-nodepool: initial import, untested
* gke nodepool: add README, fix location variable, set node count default to 1
* gke cluster: fix private cluster variables
* gke nodepool: fix README title
* gke cluster: add output for cluster location
* gke nodepool: add missing variables for project id and cluster name, remove default from location variable, fix gke version assignment
* gke nodepool: update README
* net-cloudnat: fix router name when creating default router
* fix variables used for address and router optional creation
* vpn dynamic: fix README
* modules/net-vpn-dynamic: fix router name output
* modules/compute-vm: remove unused variable
* modules/compute-vm-cos-coredns: initial import
* Update foundations modules versions (#26)
* update foundations modules versions
* update Terraform version to v0.12.19 in CI test configuration
* backport tfdoc from Ludo's branch (#27)
* Update docs using tfdoc format (#28)
* update README files
* set all types on variables
* foundations/environments: move log filter to a variable, use org for xpn by default
* foundations/environments: do not use liens by default
* modules/ntp-vpc: better shared_vpc_host variable description
* modules/logging-sinks: initial version
* modules/logging-sinks: streamline options in sinks variable
* modules/compute-vm-cos-coredns: add support for additional files
* modules/folders: rename from 'folder'
* modules/logging-sinks: fix circular dependencies and improve variables
* modules/project: remove extra variable
* modules/bigquery: new module with dataset support only
* foundations/environments: refactor using local modules
* modules/bigquery: better variables, README description and example
* modules: fix a few READMEs
Co-authored-by: Julio Castillo <juliocc@gmail.com>
* modules/net-vpc: README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc: tweak README description and examples
* modules/net-vpc-firewall: change tag-based rule default ranges, improve README examples and description
* modules/compute-vm: README changes
* modules/compute-vm: use an object for the service account variable, update README
* modules/compute-vm: update README variables table
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add TODO list to README
* modules/compute-vm: add outputs for service account
* modules/net-cloudnat: README
* modules/net-cloudnat: README
* modules/net-cloudnat: add router_create variable
* modules/compute-vm: simplify service account variables
* modules/net-vpn-dynamic: fix README example, use local secret for both empty string and null
* modules/net-vpn-dynamic: improve README example
* modules/gke-cluster: minimal README tweaks
* modules/kms: fix ephemeral keys resource name
* modules/iam-service-accounts: add storage roles
* modules/gke-nodepool: fix node default scopes
* New project variable to prevent deletion of default network (#32)
* New project variable to prevent deletion of default network
This is a workaround to fix
terraform-google-modules/cloud-foundation-fabric#31 while the GCP
terraform provider is fixed
* Add TODOs to remove workarounds in the project module
* Fix Cloud Build files
* modules/gke-nodepool: add monitoring scope to defaults
* modules/iam-service-accounts: add support for IAM bindings onthe service accounts
* playground module in sandbox, remove not ready modules
* Fix ci configurations in development branch (#33)
* try fixing ci confgurations
* add exclusion match to ci boilerplate check
* add skip boilerplate comment to compute-vm-cos-coredns template fragment
* modules/gke-cluster: fix boilerplate in outputs
* Simplify tests, re-enable CI
* add instance group support to compute-vm, start tests refactoring
* modules/compute-vm: group fixes, tests
* modules/compute-vm: minimal test beautification
* simplify top-level pytest fixture
* modules/dns: tests and minor tweaks
* fix missing boilerplate in tests
* re-add requirements file to tests folder
* re-enable tests in ci build configuration
* Folder module tests and fixes (#38)
* folder tests wip
* modules/folders: tests and tweaks
* update folders and compute-vm README files
* modules/gcs: tests and minor tweaks
* Create README.md
* Update README.md
* Update README.md
* Update README.md
* Added docker image for strongSwan
* Add support for routes and tests to net-vpc module (#39)
* modules/net-vpc: add routes (untested)
* initial tests
* modules/net-vpc: add test for flow logs
* modules/net-vpc: split tests into two separate files
* modules/net-vpc: routes test
* modules/net-vpc: test routes
* Add support for Terraform plugin cache in ci test build file (#40)
* add Terraform plugin caching to test ci build configuration
* fix mkdir in test build configuration
* trigger test check
* Refactor dynamic vpn configuration for on-prem-in-a-box module
* Fix dynamic vpn for onprem-in-a-box module
* Migrate Shared VPC example to local modules (#41)
* wip
* wip
* validated, untested
* modules/compute-vm: make service account email in locals resilient to destroy
* modules/project: make project id output depend on iam roles
* fixes
* shared-vpc tweaks
* update diagram
* update README input output tables
* modules/compute-vm: add service account IAM email output
* move GKE service account roles at the project level, add GCE service account roles
* update diagram and README
* modules/project: add extra output for IAM-dependent project id
* update modules READMEs
* minor tweaks
* modules/compute-vm: fix service account output
* remove static address from NAT
* fix container service agent binding dependency
* rename shared vpc
* Update README.md
* Update README.md
* Add static vpn gw to on-prem-in-a-box module
* Refactor hub and spoke to use new modules (#42)
* modules/compute-vm: saner defaults for service account scopes
* hub and spoke refactor, docs still missing
* complete hub and spoke
* Update README.md
* Add toolbox docker container, fix gw routing to the internet
* Add DNS Hybrid connectivity parameters
* Fix onprem dns zone for the static vpn configuration
* Added readme.md for on-prem module
* Add new line at the end of the files
* Add boilerplate for cloudbuild config files
* fix boilerplate in strongswan shell script
* Update README.md
* include missing file to fix merge conflict
* remove missing file to fix merge conflict
* include missing file to fix merge conflict (again)
* remove content from spurious file used to avoid merge conflicts
* Add net-vpc-peering module
* Initial commit for hub-and-spoke-peering infrastructure example
* Fix typos in infrastructure/ READMEs
* remove stale file
* use larger resolution version of hub and spoke diagram
* Update README.md
* Update hub-and-spoke-peerings example to use internal modules
* Add initial project tests (#46)
* modules/project: make prefix optional
* initial project module tests
* modules/project: use null for unset parent
* modules/dns: backport PR6 from the CFT dns module
* Add testing resources including on-prem-in-a-box to hub-and-spoke-peerings example
* Fix firewall rules to allow connectivity, switch to custom route advertisement for onprem -> spokes connectivity
* Move locals out of main.tf
* remove ssh tag from compute-vm variable default
* Add ssh tag to the test vms
* Update README.md
* Update README.md
* Update README.md
* Hub and spoke peering changes (#48)
* rename hub-and-spoke-vpn
* add ssh tag to shared-vpc-gke instance
* rename and rework hub and spoke peering
* fix test requirements
* align hub and spoke peering with module contents
* diagram
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* minimal fixes to onprem examples variable files
* onprem example stub, missing DNS zones and private.googleapis records onprem
* add missing boilerplate
* Update README.md
* Update README.md
* infra/onprem: add test instance and minimal outputs
* add DNS modules and resource
* infra/onprem: diagram and initial README
* minor changes to onprem module and example (#49)
* update toolbox image
* infra/onprem: add zone for private access, add metadata domain to onprem dns
* infra/onprem: onnprem service account, add testing procedure in README
* Update README.md
* infra/onprem: remove extra variable
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* infra/onprem: rename forwarder address variable
* Update README:
Added explicit --tunnel-through-iap for gcloud compute ssh commands
* Update top-level and section READMEs (#50)
* top-level README WIP
* rewrite top-level README
* change top-level README title
* remove initial quote in top-level README
* Update README.md
* Update README.md
* Update README.md
* foundations README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add experimental scheduled cloud function module
* scheduled cloud function module: allow disabling schedule
* business-units foundation example (#52)
* Added folder-units module.
* Business units example update (WIP)
* Update all BU modules to internal ones
* Refactoring business-units example, add billing and org IAM handling
* update projects tests for new iam additive naming
* update project README for new iam additive naming
* streamline bu example and module (#53)
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
* align net-vpn-ha interface with the other vpn modules
* update module README files
* Update README.md
* Update README.md
* Create CHANGELOG.md
* Refactor COS module to be generic (#51)
* Create generic COS module and update CoreDNS module to use it
* Update compute-vm-cos README
* Fix COS README
* Update COS example
* Skip boilerplate check for COS file template
* Make COS module more generic and provide preset configurations
* Update COS module documentation
* tfdoc: add support for multiple variables files
* compute-vm: split boot disk in separate variable file for cos module support
* Streamline cos modules (#54)
* tfdoc: fix bug in last commit
* compute-vm: add support for user-data
* compute-vm: restore noncos variable split
* remove compute-vm-cos-coredns
* compute-vm: revert to original state
* cos-container/coredns
* fix variables mess
* cos/coredns fixes
* cos/mysql
* remove stale compute-vm-cos module
* add test instance to cos modules
* tfdoc: add support for multiple output files
* cos: add initial READMEs
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* add test apply fixture
* cos-coredns: tested
* Update README.md
* Fix typo
* cos-coredns: refactor README
* Update README.md
* test yaml validity in cos modules tests
* cos mysql tests
* cos mysql: refactor and test (disk tests missing)
* onprem: fix Coredns
* cos mysql: additional disk working
* cos modules: fix instance disks for no instance
* update some modules READMEs
* update some modules READMEs
* Update README.md
* Update README.md
* add simple tests for foundations/environments
* change default for org id in foundations/environments to avoid errors when none is specified
* fix null/empty organization id in foundations/environments
* fix errors when destroying on empty state in foundations/environments
* fundations/bu: fix errors when destroying with empty state
* modules/gcs: make outputs resilient on destroy with empty state
* modules/folders: make outputs resilient on destroy with empty state
* switch organization_id variable to long form in foundations/bu and modules/folders-unit
* Update README.md
* infra/shared-vpc: remove duplicate tag attribute from bastion
Co-authored-by: Aleksandr Averbukh <averbukh@google.com>
Co-authored-by: Julio Castillo <juliocc@gmail.com>
Co-authored-by: Julio Castillo <jccb@google.com>
