Files

Jason Steenblik 90360c591e Add confidential compute support to google_dataproc_cluster in the da… (#2736 )

* Add confidential compute support to google_dataproc_cluster in the dataproc module

* fix parent id lookup for networking and security stages (#2744)

* Add optional automated MD5 generation in net-vlan-attachment module (#2745)

* Bump path-to-regexp and express in /blueprints/gke/binauthz/image (#2749)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add ability to autogenerate md5 keys in net-vpn-ha (#2748)

* Add ability to optionally generate MD5 secrets in VPN module

* Add ability to autogenerate MD5 keys in net-vpn-ha module

* restore missing output

* fix test counts

---------

Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

* update changelog

* Bump path-to-regexp and express (#2752)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add support for routing mode to net-swp module (#2751)

Co-authored-by: Julio Castillo <jccb@google.com>

* remove default location in tag value - cloud-run-v2 tags.tf (#2755)

The Parent resource has a default to europe-west1 when it should be for the resource block from where the cloud run actually is.

Changed to use the var.region instead

* Add path_template_match and path_template_rewrite support to net-lb-app-ext (required for React apps for example).

* Add rest of load balancers.

* Add path_template_match and path_template_rewrite support to internal load balancers

* Add disk encyption key to the google_compute_instance_template - Sovereign support (#2750)

* add disk encyption key to the google_compute_instance_template

* add a condition to the kms_key_self_link

* use dynamic variable for disk_encryption_key

* remove the getpip from the repo

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

* Add support for password validation policy to cloudsql module (#2740)

* add support for password validation policy to cloudsql module

* fix defaults

* update changelog

* bump provider version constraint

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Luca Prete <preteluca@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Matthew Callinan <47421139+Mattible@users.noreply.github.com>
Co-authored-by: Taneli Leppä <taneli@google.com>
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Kovács Dávid <david-kovacs@t-systems.com>

2024-12-10 16:39:48 +01:00

iam.tf

Added spanner-instance module (#2372 )

2024-06-23 17:25:22 +00:00

main.tf

add support for cmek in gcs module notification topic

2024-11-04 09:03:24 +01:00

outputs.tf

Added spanner-instance module (#2372 )

2024-06-23 17:25:22 +00:00

README.md

Added spanner-instance module (#2372 )

2024-06-23 17:25:22 +00:00

variables.tf

Added spanner-instance module (#2372 )

2024-06-23 17:25:22 +00:00

versions.tf

Add confidential compute support to google_dataproc_cluster in the da… (#2736 )

2024-12-10 16:39:48 +01:00

README.md

Spanner instance

This module allows to create a spanner instance with associated spanner instance config and databases in the instance. Additionally it allows creating instance IAM bindings and database IAM bindings.

Examples

Basic instance with a database

module "spanner_instace" {
  source     = "./fabric/modules/spanner-instance"
  project_id = var.project_id
  instance = {
    name         = "my-instance"
    display_name = "Regional instance in us-central1"
    config = {
      name = "regional-us-central1"
    }
    num_nodes = 1
  }
  databases = {
    my-database = {

    }
  }
}
# tftest modules=1 resources=2 inventory=simple-instance-with-database.yaml

Instance with autoscaling

module "spanner_instance" {
  source     = "./fabric/modules/spanner-instance"
  project_id = var.project_id
  instance = {
    name         = "my-instance"
    display_name = "Regional instance"
    config = {
      name = "regional-us-central1"
    }
    autoscaling = {
      limits = {
        min_processing_units = 2000
        max_processing_units = 3000
      }
      targets = {
        high_priority_cpu_utilization_percent = 75
        storage_utilization_percent           = 90
      }
    }
    labels = {
      foo = "bar"
    }
  }
}
# tftest modules=1 resources=1 inventory=instance-with-autoscaling.yaml

Instance with custom config

module "spanner_instance" {
  source     = "./fabric/modules/spanner-instance"
  project_id = var.project_id
  instance = {
    name         = "my-instance"
    display_name = "Regional instance"
    config = {
      name = "custom-nam11-config"
      auto_create = {
        display_name = "Test Spanner Instance Config"
        base_config  = "name11"
        replicas = [
          {
            location                = "us-west1"
            type                    = "READ_ONLY"
            default_leader_location = false
          }
        ]
      }
    }
    num_nodes = 1
  }
}
# tftest modules=1 resources=2 inventory=instance-with-custom-config.yaml

New database in existing instance

module "spanner_instance" {
  source     = "./fabric/modules/spanner-instance"
  project_id = var.project_id
  instance = {
    name         = "my-instance"
  }
  instance_create = false
  databases = {
    my-database = {

    }
  }
}
# tftest skip

IAM

module "spanner_instance" {
  source     = "./fabric/modules/spanner-instance"
  project_id = var.project_id
  instance = {
    name         = "my-instance"
    display_name = "Regional instance"
    config = {
      name = "regional-us-central1"
    }
    num_nodes = 1
  }
  databases = {
    my-database = {
      version_retention_period = "1d"
      iam = {
        "roles/spanner.databaseReader" = [
          "group:group1@myorg.com"
        ]
      }
      iam_bindings = {
        "spanner-database-role-user" = {
          role = "roles/spanner.databaseRoleUser"
          members = [
            "group:group2@myorg.com"
          ]
          condition = {
            title       = "role-my_role"
            description = "Grant permissions on my_role"
            expression  = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/my_role\")))"
          }
        }
      }
      iam_bindings_additive = {
        "spanner-database-admin" = {
          role   = "roles/spanner.databaseAdmin"
          member = "group:group3@myorg.com"
          condition = {
            title       = "delegated-role-grants"
            description = "Delegated role grants."
            expression = format(
              "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
              join(",", formatlist("'%s'",
                [
                  "roles/storage.databaseReader",
                ]
              ))
            )
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=5 inventory=iam.yaml

Variables

name	description	type	required	default
instance	Instance attributes.	`object({…})`	✓
project_id	Project id.	`string`	✓
databases	Databases.	`map(object({…}))`		`{}`
iam	IAM bindings in {ROLE => [MEMBERS]} format.	`map(list(string))`		`{}`
iam_bindings	Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary.	`map(object({…}))`		`{}`
iam_bindings_additive	Individual additive IAM bindings. Keys are arbitrary.	`map(object({…}))`		`{}`
instance_create	Set to false to manage databases and IAM bindings in an existing instance.	`bool`		`true`

Outputs

name	description	sensitive
spanner_database_ids	Spanner database ids.
spanner_databases	Spanner databases.
spanner_instance	Spanner instance.
spanner_instance_config	Spanner instance config.
spanner_instance_config_id	Spanner instance config id.
spanner_instance_id	Spanner instance id.