Network Project Configuration (Single)

Properties marked ⁺ are required. Keys written as regular expressions (for example ^[a-z0-9-]+$) are pattern properties: they describe the allowed names of map entries.

Properties

additional properties: false

- project_config: reference(projectConfig)
- ncc_hub_config: reference(nccHubConfig)
- vpc_config: reference(vpcConfigMap)

Definitions

- projectConfig: object
  additional properties: false
  - ⁺name: string
  - prefix: string
  - parent: string
  - project_reuse: object
    additional properties: false
    - use_data_source: boolean
    - attributes: object
      - ⁺name: string
      - ⁺number: number
  - services_enabled: array
    - items: string
  - billing_account: string
  - deletion_policy: string
    enum: ['DELETE', 'ABANDON']
  - default_service_account: string
    enum: ['deprovision', 'disable', 'keep']
  - auto_create_network: boolean
  - project_create: boolean
  - shared_vpc_host_config: object
    additional properties: false
    - ⁺enabled: boolean
    - service_projects: array
      - items: string
  - services: array
    - items: string
      pattern: ^[a-z-]+.googleapis.com$
  - org_policies: reference(orgPolicies)
  - metric_scopes: array
    - items: string
  - iam: reference(iam)
  - iam_bindings: reference(iamBindings)
  - iam_bindings_additive: reference(iamBindingsAdditive)
  - iam_by_principals: reference(iamByPrincipals)
  - iam_by_principals_additive: reference(iamByPrincipals)
  - quotas: reference(quotas)
- nccHubConfig: object
  additional properties: false
  - ⁺name: string
  - description: string
  - preset_topology: string
    enum: ['MESH', 'STAR', 'PLANETARY']
  - export_psc: boolean
  - groups: object
    additional properties: false
    - ^[a-zA-Z0-9_-]+$: reference(nccGroup)
- nccGroup: object
  additional properties: false
  - labels: reference(stringMap)
  - description: string
  - auto_accept: array
    - items: string
- vpcConfigMap: object
  additional properties: false
  - ^[a-z0-9-]+$: reference(vpcConfigEntry)
- vpcConfigEntry: object
  additional properties: false
  - auto_create_subnetworks: boolean
  - create_googleapis_routes: object
    additional properties: false
    - private: boolean
    - private-6: boolean
    - restricted: boolean
    - restricted-6: boolean
  - delete_default_routes_on_create: boolean
  - description: string
  - dns_policy: object
    additional properties: false
    - inbound: boolean
    - logging: boolean
    - outbound: object
      additional properties: false
      - private_ns: array
        - items: string
      - public_ns: array
        - items: string
  - dns_zones: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(dnsZone)
  - firewall_policy_enforcement_order: string
    enum: ['AFTER_CLASSIC_FIREWALL', 'BEFORE_CLASSIC_FIREWALL']
  - ipv6_config: object
    additional properties: false
    - enable_ula_internal: boolean
    - internal_range: string
  - mtu: number
  - nat_config: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(natConfig)
  - network_attachments: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(networkAttachment)
  - policy_based_routes: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(policyBasedRoute)
  - psa_config: array
    - items: reference(psaConfig)
  - routers: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(routerConfig)
  - routes: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(routeConfig)
  - routing_mode: string
    enum: ['GLOBAL', 'REGIONAL']
  - subnets_factory_config: object
    additional properties: false
    - context: object
      additional properties: false
      - regions: reference(stringMap)
    - subnets_folder: string
  - firewall_factory_config: object
    additional properties: false
    - cidr_tpl_file: string
    - rules_folder: string
  - vpn_config: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(vpnConfig)
  - peering_config: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(peeringConfig)
  - ncc_config: reference(vpcNccConfig)
- dnsZone: object
  additional properties: false
  - force_destroy: boolean
  - description: string
  - iam: reference(iam)
  - zone_config: reference(dnsZoneConfig)
  - recordsets: object
    additional properties: false
    - ^[a-zA-Z0-9_. -]+$: reference(dnsRecordSet)
- dnsZoneConfig: object
  additional properties: false
  - ⁺domain: string
  - forwarding: object
    additional properties: false
    - forwarders: reference(stringMap)
    - client_networks: array
      - items: string
  - peering: object
    additional properties: false
    - client_networks: array
      - items: string
    - ⁺peer_network: string
  - public: object
    additional properties: false
    - dnssec_config: reference(dnssecConfig)
    - enable_logging: boolean
  - private: object
    additional properties: false
    - client_networks: array
      - items: string
    - service_directory_namespace: string
- dnssecConfig: object
  additional properties: false
  - non_existence: string
    enum: ['nsec', 'nsec3']
  - ⁺state: string
    enum: ['on', 'off', 'transfer']
  - key_signing_key: reference(dnsKeySpec)
  - zone_signing_key: reference(dnsKeySpec)
- dnsKeySpec: object
  additional properties: false
  - ⁺algorithm: string
    enum: ['rsasha1', 'rsasha256', 'rsasha512', 'ecdsap256sha256', 'ecdsap384sha384']
  - ⁺key_length: number
- dnsRecordSet: object
  additional properties: false
  - ttl: number
  - records: array
    - items: string
  - geo_routing: array
    - items: reference(dnsGeoRoutingRule)
  - wrr_routing: array
    - items: reference(dnsWrrRoutingRule)
- dnsGeoRoutingRule: object
  additional properties: false
  - ⁺location: string
  - records: array
    - items: string
  - health_checked_targets: array
    - items: reference(dnsHealthCheckedTarget)
- dnsHealthCheckedTarget: object
  additional properties: false
  - ⁺load_balancer_type: string
  - ⁺ip_address: string
  - ⁺port: string
  - ⁺ip_protocol: string
  - ⁺network_url: string
  - ⁺project: string
  - region: string
- dnsWrrRoutingRule: object
  additional properties: false
  - ⁺weight: number
  - ⁺records: array
    - items: string
- natConfig: object
  additional properties: false
  - ⁺region: string
  - router_create: boolean
  - router_name: string
  - router_network: string
  - router_asn: number
  - type: string
    enum: ['PUBLIC', 'PRIVATE']
  - addresses: array
    - items: string
  - endpoint_types: array
    - items: string
      enum: ['ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG', 'ENDPOINT_TYPE_MANAGED_PROXY_LB']
  - logging_filter: string
    enum: ['ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL']
  - config_port_allocation: object
    additional properties: false
    - enable_endpoint_independent_mapping: boolean
    - enable_dynamic_port_allocation: boolean
    - min_ports_per_vm: number
    - max_ports_per_vm: number
  - config_source_subnetworks: object
    additional properties: false
    - all: boolean
    - primary_ranges_only: boolean
    - subnetworks: array
      - items: reference(natSourceSubnetwork)
  - config_timeouts: object
    additional properties: false
    - icmp: number
    - tcp_established: number
    - tcp_time_wait: number
    - tcp_transitory: number
    - udp: number
  - rules: array
    - items: reference(natRule)
- natSourceSubnetwork: object
  additional properties: false
  - ⁺self_link: string
  - all_ranges: boolean
  - primary_range: boolean
  - secondary_ranges: array
    - items: string
- natRule: object
  additional properties: false
  - description: string
  - ⁺match: string
  - source_ips: array
    - items: string
  - source_ranges: array
    - items: string
- networkAttachment: object
  additional properties: false
  - ⁺subnet: string
  - automatic_connection: boolean
  - description: string
  - producer_accept_lists: array
    - items: string
  - producer_reject_lists: array
    - items: string
- policyBasedRoute: object
  additional properties: false
  - description: string
  - labels: reference(stringMap)
  - priority: number
  - next_hop_ilb_ip: string
  - use_default_routing: boolean
  - filter: object
    additional properties: false
    - ip_protocol: string
    - dest_range: string
    - src_range: string
  - target: object
    additional properties: false
    - interconnect_attachment: string
    - tags: array
      - items: string
- psaConfig: object
  additional properties: false
  - deletion_policy: string
    enum: ['delete', 'abandon']
  - ranges: reference(stringMap)
  - export_routes: boolean
  - import_routes: boolean
  - peered_domains: array
    - items: string
  - range_prefix: string
  - service_producer: string
- routerConfig: object
  additional properties: false
  - ⁺region: string
  - asn: number
  - custom_advertise: reference(customAdvertiseConfig)
  - keepalive: number
  - name: string
- routeConfig: object
  additional properties: false
  - description: string
  - ⁺dest_range: string
  - ⁺next_hop_type: string
  - ⁺next_hop: string
  - priority: number
  - tags: array
    - items: string
- vpnConfig: object
  additional properties: false
  - ⁺region: string
  - ncc_spoke_config: object
    additional properties: false
    - hub: string
    - description: string
    - labels: reference(stringMap)
  - ⁺peer_gateways: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(peerGateway)
  - router_config: reference(vpnRouterConfig)
  - stack_type: string
    enum: ['IPV4_ONLY', 'IPV4_IPV6']
  - ⁺tunnels: object
    additional properties: false
    - ^[a-zA-Z0-9-]+$: reference(vpnTunnel)
- peerGateway: object
  additional properties: false
  - external: reference(externalPeerGateway)
  - gcp: string
- externalPeerGateway: object
  additional properties: false
  - ⁺redundancy_type: string
    enum: ['SINGLE_IP_INTERNALLY_REDUNDANT', 'TWO_IPS_REDUNDANCY', 'FOUR_IPS_REDUNDANCY']
  - ⁺interfaces: array
    - items: string
  - description: string
  - name: string
- vpnRouterConfig: object
  additional properties: false
  - asn: number
  - create: boolean
  - custom_advertise: reference(customAdvertiseConfig)
  - keepalive: number
  - name: string
  - override_name: string
- vpnTunnel: object
  additional properties: false
  - bgp_peer: reference(bgpPeerConfig)
  - ⁺bgp_session_range: string
  - ike_version: number
    enum: [1, 2]
  - name: string
  - peer_external_gateway_interface: number
  - peer_router_interface_name: string
  - peer_gateway: string
  - router: string
  - shared_secret: string
  - ⁺vpn_gateway_interface: number
- bgpPeerConfig: object
  additional properties: false
  - ⁺address: string
  - ⁺asn: number
  - route_priority: number
  - custom_advertise: reference(customAdvertiseConfig)
  - md5_authentication_key: object
    additional properties: false
    - ⁺name: string
    - key: string
  - ipv6: object
    additional properties: false
    - nexthop_address: string
    - peer_nexthop_address: string
  - name: string
- customAdvertiseConfig: object
  additional properties: false
  - ⁺all_subnets: boolean
  - ip_ranges: reference(stringMap)
- peeringConfig: object
  additional properties: false
  - ⁺peer_network: string
  - routes_config: object
    additional properties: false
    - export: boolean
    - import: boolean
    - public_export: boolean
    - public_import: boolean
  - stack_type: string
    enum: ['IPV4_ONLY', 'IPV4_IPV6']
- vpcNccConfig: object
  additional properties: false
  - ⁺hub: string
  - description: string
  - labels: reference(stringMap)
  - group: string
  - exclude_export_ranges: array
    - items: string
  - include_export_ranges: array
    - items: string
- stringMap: object
  additional properties: string
- condition: object
  additional properties: false
  - ⁺expression: string
  - ⁺title: string
  - description: string
- principalPattern: string
  pattern: ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z])
- rolePattern: string
  pattern: ^roles/
- iam: object
  additional properties: false
  - ^roles/: array
    - items: reference(principalPattern)
- iamBindings: object
  additional properties: false
  - ^[a-z0-9_-]+$: object
    additional properties: false
    - ⁺members: array
      - items: reference(principalPattern)
    - role: reference(rolePattern)
    - condition: reference(condition)
- iamBindingsAdditive: object
  additional properties: false
  - ^[a-z0-9_-]+$: object
    additional properties: false
    - member: reference(principalPattern)
    - role: reference(rolePattern)
    - condition: reference(condition)
- iamByPrincipals: object
  additional properties: false
  - ^(?:domain:|group:|serviceAccount:|user:|principal:|principalSet:|[a-z]): array
    - items: reference(rolePattern)
- orgPolicies: object
  additional properties: false
  - ^[a-z]+\.: reference(orgPolicyConfig)
- orgPolicyConfig: object
  - inherit_from_parent: boolean
  - reset: boolean
  - rules: array
    - items: reference(orgPolicyRule)
- orgPolicyRule: object
  additional properties: false
  - allow: reference(orgPolicyRuleAllowDeny)
  - deny: reference(orgPolicyRuleAllowDeny)
  - enforce: boolean
  - condition: object
    additional properties: false
    - description: string
    - expression: string
    - location: string
    - title: string
- orgPolicyRuleAllowDeny: object
  additional properties: false
  - all: boolean
  - values: array
    - items: string
- quotas: object
  additional properties: false
  - ^[a-zA-Z0-9_-]+$: object
    additional properties: false
    - ⁺service: string
    - ⁺quota_id: string
    - ⁺preferred_value: number
    - dimensions: object
      additional properties: string
    - justification: string
    - contact_email: string
    - annotations: object
      additional properties: string
    - ignore_safety_checks: string
      enum: ['QUOTA_DECREASE_BELOW_USAGE', 'QUOTA_DECREASE_PERCENTAGE_TOO_HIGH', 'QUOTA_SAFETY_CHECK_UNSPECIFIED']