Jason Steenblik 90360c591e Add confidential compute support to google_dataproc_cluster in the da… (#2736)
* Add confidential compute support to google_dataproc_cluster in the dataproc module

* fix parent id lookup for networking and security stages (#2744)

* Add optional automated MD5 generation in net-vlan-attachment module (#2745)

* Bump path-to-regexp and express in /blueprints/gke/binauthz/image (#2749)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add ability to autogenerate md5 keys in net-vpn-ha (#2748)

* Add ability to optionally generate MD5 secrets in VPN module

* Add ability to autogenerate MD5 keys in net-vpn-ha module

* restore missing output

* fix test counts

---------

Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

* update changelog

* Bump path-to-regexp and express (#2752)

Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add support for routing mode to net-swp module (#2751)

Co-authored-by: Julio Castillo <jccb@google.com>

* remove default location in tag value - cloud-run-v2 tags.tf (#2755)

The Parent resource has a default to europe-west1 when it should be for the resource block from where the cloud run actually is.

Changed to use the var.region instead

* Add path_template_match and path_template_rewrite support to net-lb-app-ext (required for React apps for example).

* Add rest of load balancers.

* Add path_template_match and path_template_rewrite support to internal load balancers

* Add disk encryption key to the google_compute_instance_template - Sovereign support (#2750)

* add disk encryption key to the google_compute_instance_template

* add a condition to the kms_key_self_link

* use dynamic variable for disk_encryption_key

* remove the getpip from the repo

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>

* Add support for password validation policy to cloudsql module (#2740)

* add support for password validation policy to cloudsql module

* fix defaults

* update changelog

* bump provider version constraint

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Luca Prete <preteluca@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luca Prete <lucaprete@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Matthew Callinan <47421139+Mattible@users.noreply.github.com>
Co-authored-by: Taneli Leppä <taneli@google.com>
Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>
Co-authored-by: Kovács Dávid <david-kovacs@t-systems.com>
2024-12-10 16:39:48 +01:00

Workstation cluster

This module creates a workstation cluster together with its workstation configs and workstations. It also lets you set up IAM bindings on the workstation configs and on the individual workstations.

Simple example

Simple example showing how to create a cluster with publicly accessible workstations using the default base image.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  workstation_configs = {
    my-workstation-config = {
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=simple.yaml

Private cluster

Example showing how to create a cluster with a privately accessible workstation using the default base image.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  private_cluster_config = {
    enable_private_endpoint = true
  }
  workstation_configs = {
    my-workstation-config = {
      gce_instance = {
        disable_public_ip_addresses = true
      }
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=private-cluster.yaml

Custom image

Example showing how to create a cluster with publicly accessible workstations that run a custom container image.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  workstation_configs = {
    my-workstation-config = {
      container = {
        image = "repo/my-image:v10.0.0"
        args  = ["--arg1", "value1", "--arg2", "value2"]
        env = {
          VAR1 = "VALUE1"
          VAR2 = "VALUE2"
        }
        working_dir = "/my-dir"
      }
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=custom-image.yaml

IAM

Example showing how to grant IAM roles on the workstation configuration or workstation.

module "workstation-cluster" {
  source     = "./fabric/modules/workstation-cluster"
  project_id = var.project_id
  id         = "my-workstation-cluster"
  location   = var.region
  network_config = {
    network    = var.vpc.self_link
    subnetwork = var.subnet.self_link
  }
  workstation_configs = {
    my-workstation-config = {
      workstations = {
        my-workstation = {
          labels = {
            team = "my-team"
          }
          iam = {
            "roles/workstations.user" = ["user:user1@my-org.com"]
          }
        }
      }
      iam = {
        "roles/viewer" = ["group:group1@my-org.com"]
      }
      iam_bindings = {
        workstations-config-viewer = {
          role    = "roles/viewer"
          members = ["group:group2@my-org.com"]
          condition = {
            title      = "limited-access"
            expression = "resource.name.startsWith('my-')"
          }
        }
      }
      iam_bindings_additive = {
        workstations-config-editor = {
          role   = "roles/editor"
          member = "group:group3@my-org.com"
          condition = {
            title      = "limited-access"
            expression = "resource.name.startsWith('my-')"
          }
        }
      }
    }
  }
}
# tftest modules=1 resources=7 inventory=iam.yaml
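The private-cluster and IAM examples above each show one setting in isolation. The following added check (not part of the module or the Fabric repository) walks the same input structure the module accepts (`private_cluster_config`, `workstation_configs` with `gce_instance`, `iam`, `iam_bindings` and `iam_bindings_additive`) and reports the settings a reviewer would flag before `terraform apply`: a public cluster endpoint, workstation VMs with public IP addresses, primitive roles granted on a config or workstation, malformed IAM conditions and members that are not a valid principal prefix (which also catches `allUsers` and `allAuthenticatedUsers`). The inputs are constructed to mirror the examples on this page; the function names and the set of roles treated as too broad are assumptions of this example.

```python
"""Lint the inputs of a workstation-cluster module call (added example, not module code).

The dictionaries mirror the HCL shown in the README: the simple example, the IAM
example and a hardened variant combining the private-cluster and IAM settings.
"""
from __future__ import annotations

# Principal prefixes accepted in Google Cloud IAM bindings. Anything else, including
# the bare "allUsers" / "allAuthenticatedUsers" members, is reported.
ALLOWED_MEMBER_PREFIXES = ("user:", "group:", "serviceAccount:", "domain:")

# Roles considered too broad for a workstation config or workstation (policy choice
# of this example, not a module rule).
PRIMITIVE_ROLES = {"roles/owner", "roles/editor"}


def _check_role(scope: str, role: str, members: list[str], condition: dict | None = None) -> list[str]:
    """Report a broad role, an incomplete condition, or an unexpected principal."""
    findings = []
    if role in PRIMITIVE_ROLES:
        findings.append(f"{scope}: primitive role {role} granted")
    if condition is not None and not (condition.get("title") and condition.get("expression")):
        findings.append(f"{scope}: IAM condition is missing its title or expression")
    for member in members:
        if not member.startswith(ALLOWED_MEMBER_PREFIXES):
            findings.append(f"{scope}: unexpected member {member!r}")
    return findings


def _check_iam(scope: str, obj: dict) -> list[str]:
    """Apply _check_role to the three IAM shapes the module accepts."""
    findings = []
    for role, members in obj.get("iam", {}).items():
        findings += _check_role(scope, role, members)
    for key, binding in obj.get("iam_bindings", {}).items():
        findings += _check_role(f"{scope}[{key}]", binding["role"], binding["members"], binding.get("condition"))
    for key, binding in obj.get("iam_bindings_additive", {}).items():
        findings += _check_role(f"{scope}[{key}]", binding["role"], [binding["member"]], binding.get("condition"))
    return findings


def check_cluster(cluster: dict) -> list[str]:
    """Return a list of findings for one module call; an empty list means clean."""
    findings = []
    private = cluster.get("private_cluster_config", {}).get("enable_private_endpoint", False)
    if not private:
        findings.append("cluster: private endpoint disabled, workstations are reachable through the public endpoint")
    for cfg_name, cfg in cluster.get("workstation_configs", {}).items():
        gce = cfg.get("gce_instance") or {}
        if not gce.get("disable_public_ip_addresses", False):
            findings.append(f"{cfg_name}: workstation VMs receive public IP addresses")
        findings += _check_iam(cfg_name, cfg)
        for ws_name, ws in cfg.get("workstations", {}).items():
            findings += _check_iam(f"{cfg_name}/{ws_name}", ws)
    return findings


# Constructed inputs mirroring the README examples.
SIMPLE_INPUT = {
    "workstation_configs": {
        "my-workstation-config": {"workstations": {"my-workstation": {"labels": {"team": "my-team"}}}}
    }
}

IAM_EXAMPLE_INPUT = {
    "workstation_configs": {
        "my-workstation-config": {
            "workstations": {
                "my-workstation": {"iam": {"roles/workstations.user": ["user:user1@my-org.com"]}}
            },
            "iam": {"roles/viewer": ["group:group1@my-org.com"]},
            "iam_bindings": {
                "workstations-config-viewer": {
                    "role": "roles/viewer",
                    "members": ["group:group2@my-org.com"],
                    "condition": {"title": "limited-access", "expression": "resource.name.startsWith('my-')"},
                }
            },
            "iam_bindings_additive": {
                "workstations-config-editor": {
                    "role": "roles/editor",
                    "member": "group:group3@my-org.com",
                    "condition": {"title": "limited-access", "expression": "resource.name.startsWith('my-')"},
                }
            },
        }
    }
}

HARDENED_INPUT = {
    "private_cluster_config": {"enable_private_endpoint": True},
    "workstation_configs": {
        "my-workstation-config": {
            "gce_instance": {"disable_public_ip_addresses": True},
            "iam_bindings_additive": {
                "team-users": {
                    "role": "roles/workstations.user",
                    "member": "group:group1@my-org.com",
                    "condition": {"title": "limited-access", "expression": "resource.name.startsWith('my-')"},
                }
            },
            "workstations": {"my-workstation": {"labels": {"team": "my-team"}}},
        }
    },
}

if __name__ == "__main__":
    for name, cluster in (("simple", SIMPLE_INPUT), ("iam", IAM_EXAMPLE_INPUT), ("hardened", HARDENED_INPUT)):
        print(name, check_cluster(cluster) or "clean")
```

Run against the simple example the check reports the public endpoint and the public VM addresses; the IAM example additionally reports the `roles/editor` grant; the hardened variant comes back clean. The check only covers what the module's inputs express, so it complements rather than replaces an organization policy or a plan-level policy check.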

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| id | Workstation cluster ID. | string | ✓ | |
| location | Location. | string | ✓ | |
| network_config | Network configuration. | object({…}) | ✓ | |
| project_id | Cluster ID. | string | ✓ | |
| workstation_configs | Workstation configurations. | map(object({…})) | ✓ | |
| annotations | Workstation cluster annotations. | map(string) | | {} |
| display_name | Display name. | string | | null |
| domain | Domain. | string | | null |
| labels | Workstation cluster labels. | map(string) | | {} |
| private_cluster_config | Private cluster config. | object({…}) | | {} |

Outputs

| name | description | sensitive |
|---|---|---|
| cluster_hostname | Cluster hostname. | |
| id | Workstation cluster id. | |
| service_attachment_uri | Workstation service attachment URI. | |
| workstation_configs | Workstation configurations. | |
| workstations | Workstations. | |