diff --git a/metadata.yaml b/metadata.yaml
index 8f8ffaa1..c2d77f44 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,183 +19,306 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Terraform Network Module - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - subBlueprints: - - name: fabric-net-firewall - location: modules/fabric-net-firewall - - name: fabric-net-svpc-access - location: modules/fabric-net-svpc-access - - name: firewall-rules - location: modules/firewall-rules - - name: network-peering - location: modules/network-peering - - name: private-service-connect - location: modules/private-service-connect - - name: routes - location: modules/routes - - name: routes-beta - location: modules/routes-beta - - name: subnets - location: modules/subnets - - name: subnets-beta - location: modules/subnets-beta - - name: vpc - location: modules/vpc - - name: vpc-serverless-connector-beta - location: modules/vpc-serverless-connector-beta - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: 
examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: auto_create_subnetworks - description: When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. - type: bool - default: false - required: false - - name: delete_default_internet_gateway_routes - description: If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted - type: bool - default: false - required: false - - name: description - description: An optional description of this resource. The resource must be recreated to modify this field. - type: string - default: "" - required: false - - name: firewall_rules - description: List of firewall rules - type: any - default: [] - required: false - - name: mtu - description: 'The network MTU (If set to 0, meaning MTU is unset - defaults to ''1460''). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively.' 
- type: number - default: 0 - required: false - - name: network_name - description: The name of the network being created - type: string - required: true - - name: project_id - description: The ID of the project where this VPC will be created - type: string - required: true - - name: routes - description: List of routes being created in this VPC - type: list(map(string)) - default: [] - required: false - - name: routing_mode - description: The network routing mode (default 'GLOBAL') - type: string - default: GLOBAL - required: false - - name: secondary_ranges - description: Secondary ranges that will be used in some of the subnets - type: map(list(object({ range_name = string, ip_cidr_range = string }))) - default: {} - required: false - - name: shared_vpc_host - description: Makes this project a Shared VPC host if 'true' (default 'false') - type: bool - default: false - required: false - - name: subnets - description: The list of subnets being created - type: list(object({subnet_name = string, subnet_ip = string, subnet_region = string, subnet_private_access = optional(string), subnet_private_ipv6_access = optional(string), subnet_flow_logs = optional(string), subnet_flow_logs_interval = optional(string), subnet_flow_logs_sampling = optional(string), subnet_flow_logs_metadata = optional(string), subnet_flow_logs_filter = optional(string), subnet_flow_logs_metadata_fields = optional(list(string)), description = optional(string)})) - required: true - outputs: - - name: network - description: The created network - - name: network_id - description: The ID of the VPC being created - - name: network_name - description: The name of the VPC being created - - name: network_self_link - description: The URI of the VPC being created - - name: project_id - description: VPC project id - - name: route_names - description: The route names associated with this VPC - - name: subnets - description: A map with keys of form subnet_region/subnet_name and values being the outputs of the 
google_compute_subnetwork resources used to create corresponding subnets. - - name: subnets_flow_logs - description: Whether the subnets will have VPC flow logs enabled - - name: subnets_ids - description: The IDs of the subnets being created - - name: subnets_ips - description: The IPs and CIDRs of the subnets being created - - name: subnets_names - description: The names of the subnets being created - - name: subnets_private_access - description: Whether the subnets will have access to Google API's without a public IP - - name: subnets_regions - description: The region where the subnets will be created - - name: subnets_secondary_ranges - description: The secondary ranges associated with these subnets - - name: subnets_self_links - description: The self-links of subnets being created - roles: - - level: Project + info: + title: Terraform Network Module + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 1.3" + description: {} + content: + subBlueprints: + - name: fabric-net-firewall + location: modules/fabric-net-firewall + - name: fabric-net-svpc-access + location: modules/fabric-net-svpc-access + - name: firewall-rules + location: modules/firewall-rules + - name: hierarchical-firewall-policy + location: modules/hierarchical-firewall-policy + - name: network-firewall-policy + location: modules/network-firewall-policy + - name: network-peering + location: modules/network-peering + - name: private-service-connect + location: modules/private-service-connect + - name: routes + location: modules/routes + - name: routes-beta + location: modules/routes-beta + - name: subnets + location: modules/subnets + - name: subnets-beta + location: modules/subnets-beta + - name: vpc + location: modules/vpc + - name: vpc-serverless-connector-beta + location: modules/vpc-serverless-connector-beta + examples: + - name: basic_auto_mode + location: 
examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector 
+ interfaces: + variables: + - name: auto_create_subnetworks + description: When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. + varType: bool + defaultValue: false + - name: delete_default_internet_gateway_routes + description: If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted + varType: bool + defaultValue: false + - name: description + description: An optional description of this resource. The resource must be recreated to modify this field. + varType: string + defaultValue: "" + - name: egress_rules + description: List of egress rules. This will be ignored if variable 'rules' is non-empty + varType: |- + list(object({ + name = string + description = optional(string, null) + disabled = optional(bool, null) + priority = optional(number, null) + destination_ranges = optional(list(string), []) + source_ranges = optional(list(string), []) + source_tags = optional(list(string)) + source_service_accounts = optional(list(string)) + target_tags = optional(list(string)) + target_service_accounts = optional(list(string)) + + allow = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + deny = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + log_config = optional(object({ + metadata = string + })) + })) + defaultValue: [] + - name: enable_ipv6_ula + description: Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false') + varType: bool + defaultValue: false + - name: firewall_rules + description: This is DEPRICATED and available for backward compatiblity. Use ingress_rules and egress_rules variables. 
List of firewall rules + varType: |- + list(object({ + name = string + description = optional(string, null) + direction = optional(string, "INGRESS") + disabled = optional(bool, null) + priority = optional(number, null) + ranges = optional(list(string), []) + source_tags = optional(list(string)) + source_service_accounts = optional(list(string)) + target_tags = optional(list(string)) + target_service_accounts = optional(list(string)) + + allow = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + deny = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + log_config = optional(object({ + metadata = string + })) + })) + defaultValue: [] + - name: ingress_rules + description: List of ingress rules. This will be ignored if variable 'rules' is non-empty + varType: |- + list(object({ + name = string + description = optional(string, null) + disabled = optional(bool, null) + priority = optional(number, null) + destination_ranges = optional(list(string), []) + source_ranges = optional(list(string), []) + source_tags = optional(list(string)) + source_service_accounts = optional(list(string)) + target_tags = optional(list(string)) + target_service_accounts = optional(list(string)) + + allow = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + deny = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + log_config = optional(object({ + metadata = string + })) + })) + defaultValue: [] + - name: internal_ipv6_range + description: When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) + varType: string + - name: mtu + description: "The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively." 
+ varType: number + defaultValue: 0 + - name: network_firewall_policy_enforcement_order + description: Set the order that Firewall Rules and Firewall Policies are evaluated. Valid values are `BEFORE_CLASSIC_FIREWALL` and `AFTER_CLASSIC_FIREWALL`. (default null or equivalent to `AFTER_CLASSIC_FIREWALL`) + varType: string + - name: network_name + description: The name of the network being created + varType: string + required: true + - name: project_id + description: The ID of the project where this VPC will be created + varType: string + required: true + - name: routes + description: List of routes being created in this VPC + varType: list(map(string)) + defaultValue: [] + - name: routing_mode + description: The network routing mode (default 'GLOBAL') + varType: string + defaultValue: GLOBAL + - name: secondary_ranges + description: Secondary ranges that will be used in some of the subnets + varType: map(list(object({ range_name = string, ip_cidr_range = string }))) + defaultValue: {} + - name: shared_vpc_host + description: Makes this project a Shared VPC host if 'true' (default 'false') + varType: bool + defaultValue: false + - name: subnets + description: The list of subnets being created + varType: |- + list(object({ + subnet_name = string + subnet_ip = string + subnet_region = string + subnet_private_access = optional(string) + subnet_private_ipv6_access = optional(string) + subnet_flow_logs = optional(string) + subnet_flow_logs_interval = optional(string) + subnet_flow_logs_sampling = optional(string) + subnet_flow_logs_metadata = optional(string) + subnet_flow_logs_filter = optional(string) + subnet_flow_logs_metadata_fields = optional(list(string)) + description = optional(string) + purpose = optional(string) + role = optional(string) + stack_type = optional(string) + ipv6_access_type = optional(string) + })) + required: true + outputs: + - name: network + description: The created network + - name: network_id + description: The ID of the VPC being created + - 
name: network_name + description: The name of the VPC being created + - name: network_self_link + description: The URI of the VPC being created + - name: project_id + description: VPC project id + - name: route_names + description: The route names associated with this VPC + - name: subnets + description: A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets. + - name: subnets_flow_logs + description: Whether the subnets will have VPC flow logs enabled + - name: subnets_ids + description: The IDs of the subnets being created + - name: subnets_ips + description: The IPs and CIDRs of the subnets being created + - name: subnets_names + description: The names of the subnets being created + - name: subnets_private_access + description: Whether the subnets will have access to Google API's without a public IP + - name: subnets_regions + description: The region where the subnets will be created + - name: subnets_secondary_ranges + description: The secondary ranges associated with these subnets + - name: subnets_self_links + description: The self-links of subnets being created + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - 
vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/fabric-net-firewall/metadata.yaml b/modules/fabric-net-firewall/metadata.yaml index c309b37c..ac7ee87f 100644 --- a/modules/fabric-net-firewall/metadata.yaml +++ b/modules/fabric-net-firewall/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
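Review bot: `roles/compute.orgFirewallPolicyAdmin` is added under `level: Project` in the new `requirements.roles` block, but that role governs hierarchical firewall policies, which attach to folders and organizations, so a project-level grant is unlikely to be what the new `hierarchical-firewall-policy` submodule and example actually need; if it is only required by that example's test setup, a separate `level` entry or a comment saying so would keep the requirement accurate. The same block adds `roles/iam.serviceAccountAdmin`, which is far broader than the existing `roles/iam.serviceAccountUser`, and nothing in the variables or outputs listed here explains why a network module would create or manage service accounts; a one-line comment such as `# needed by <EXAMPLE_NAME> test fixtures only — TODO confirm` would keep the list auditable as a least-privilege statement rather than a catch-all. The identical requirements block is repeated in the hunk for modules/fabric-net-firewall/metadata.yaml below. Several added descriptions also carry typos that will be published as-is (`permenant` on `enable_ipv6_ula`, `DEPRICATED` and `compatiblity` on `firewall_rules`); since this file appears to be generated from the module's variable descriptions, the fix belongs in the source variables followed by regeneration.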
@@ -19,183 +19,191 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Google Cloud VPC Firewall - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: admin_ranges - description: IP CIDR ranges that have 
complete access to all subnets. - type: list(string) - default: [] - required: false - - name: admin_ranges_enabled - description: Enable admin ranges-based rules. - type: bool - default: false - required: false - - name: custom_rules - description: List of custom rule definitions (refer to variables file for syntax). - type: |- - map(object({ - description = string - direction = string - action = string # (allow|deny) - ranges = list(string) - sources = list(string) - targets = list(string) - use_service_accounts = bool - rules = list(object({ - protocol = string - ports = list(string) - })) - extra_attributes = map(string) - })) - default: {} - required: false - - name: http_source_ranges - description: List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0. - type: list(string) - default: - - 0.0.0.0/0 - required: false - - name: http_target_tags - description: List of target tags for tag-based HTTP rule, defaults to http-server. - type: list(string) - default: - - http-server - required: false - - name: https_source_ranges - description: List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0. - type: list(string) - default: - - 0.0.0.0/0 - required: false - - name: https_target_tags - description: List of target tags for tag-based HTTPS rule, defaults to https-server. - type: list(string) - default: - - https-server - required: false - - name: internal_allow - description: Allow rules for internal ranges. - type: |- - list(object({ - protocol = string - ports = optional(list(string)) - })) - default: - - protocol: icmp - required: false - - name: internal_ranges - description: IP CIDR ranges for intra-VPC rules. - type: list(string) - default: [] - required: false - - name: internal_ranges_enabled - description: Create rules for intra-VPC ranges. - type: bool - default: false - required: false - - name: internal_target_tags - description: List of target tags for intra-VPC rules. 
- type: list(string) - default: [] - required: false - - name: network - description: Name of the network this set of firewall rules applies to. - type: string - required: true - - name: project_id - description: Project id of the project that holds the network. - type: string - required: true - - name: ssh_source_ranges - description: List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0. - type: list(string) - default: - - 0.0.0.0/0 - required: false - - name: ssh_target_tags - description: List of target tags for tag-based SSH rule, defaults to ssh. - type: list(string) - default: - - ssh - required: false - outputs: - - name: admin_ranges - description: Admin ranges data. - - name: custom_egress_allow_rules - description: Custom egress rules with allow blocks. - - name: custom_egress_deny_rules - description: Custom egress rules with allow blocks. - - name: custom_ingress_allow_rules - description: Custom ingress rules with allow blocks. - - name: custom_ingress_deny_rules - description: Custom ingress rules with deny blocks. - - name: internal_ranges - description: Internal ranges. 
- roles: - - level: Project + info: + title: Google Cloud VPC Firewall + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/fabric-net-firewall + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 1.3" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: 
examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: admin_ranges + description: IP CIDR ranges that have complete access to all subnets. + varType: list(string) + defaultValue: [] + - name: admin_ranges_enabled + description: Enable admin ranges-based rules. + varType: bool + defaultValue: false + - name: custom_rules + description: List of custom rule definitions (refer to variables file for syntax). + varType: |- + map(object({ + description = string + direction = string + action = string # (allow|deny) + ranges = list(string) + sources = list(string) + targets = list(string) + use_service_accounts = bool + rules = list(object({ + protocol = string + ports = list(string) + })) + extra_attributes = map(string) + })) + defaultValue: {} + - name: http_source_ranges + description: List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0. + varType: list(string) + defaultValue: + - 0.0.0.0/0 + - name: http_target_tags + description: List of target tags for tag-based HTTP rule, defaults to http-server. + varType: list(string) + defaultValue: + - http-server + - name: https_source_ranges + description: List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0. + varType: list(string) + defaultValue: + - 0.0.0.0/0 + - name: https_target_tags + description: List of target tags for tag-based HTTPS rule, defaults to https-server. + varType: list(string) + defaultValue: + - https-server + - name: internal_allow + description: Allow rules for internal ranges. 
+ varType: |- + list(object({ + protocol = string + ports = optional(list(string)) + })) + defaultValue: + - protocol: icmp + - name: internal_ranges + description: IP CIDR ranges for intra-VPC rules. + varType: list(string) + defaultValue: [] + - name: internal_ranges_enabled + description: Create rules for intra-VPC ranges. + varType: bool + defaultValue: false + - name: internal_target_tags + description: List of target tags for intra-VPC rules. + varType: list(string) + defaultValue: [] + - name: network + description: Name of the network this set of firewall rules applies to. + varType: string + required: true + - name: project_id + description: Project id of the project that holds the network. + varType: string + required: true + - name: ssh_source_ranges + description: List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0. + varType: list(string) + defaultValue: + - 0.0.0.0/0 + - name: ssh_target_tags + description: List of target tags for tag-based SSH rule, defaults to ssh. + varType: list(string) + defaultValue: + - ssh + outputs: + - name: admin_ranges + description: Admin ranges data. + - name: custom_egress_allow_rules + description: Custom egress rules with allow blocks. + - name: custom_egress_deny_rules + description: Custom egress rules with allow blocks. + - name: custom_ingress_allow_rules + description: Custom ingress rules with allow blocks. + - name: custom_ingress_deny_rules + description: Custom ingress rules with deny blocks. + - name: internal_ranges + description: Internal ranges. 
+ requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/fabric-net-svpc-access/metadata.yaml b/modules/fabric-net-svpc-access/metadata.yaml index bd6a5c0d..41d95bf5 100644 --- a/modules/fabric-net-svpc-access/metadata.yaml +++ b/modules/fabric-net-svpc-access/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
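Review bot: The `requirements` block written for this submodule is the root module's list verbatim — `roles/compute.orgFirewallPolicyAdmin`, `roles/dns.admin`, `roles/vpcaccess.admin`, `roles/iam.serviceAccountAdmin` and services such as `dns.googleapis.com` and `networksecurity.googleapis.com` — although the variables and outputs above describe a classic VPC firewall-rule module that, on its own, should need little beyond `roles/compute.securityAdmin` and `compute.googleapis.com` on the target project. If the generator deliberately copies the root test-harness requirements into every submodule that is expected, but a reader treating this as the minimum grant for the module will over-provision; a comment like `# inherited from the root module's test setup; not the minimum for this submodule` on the `requirements:` line would prevent that. Separately, the output `custom_egress_deny_rules` keeps the description `Custom egress rules with allow blocks.`, a copy of the `custom_egress_allow_rules` entry; it should read `Custom egress rules with deny blocks.` to match `custom_ingress_deny_rules`, which is a fix in the submodule's output definitions if this file is regenerated.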
@@ -19,108 +19,124 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Google Cloud Shared VPC Access Configuration - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: host_project_id - description: Project 
id of the shared VPC host project. - type: string - required: true - - name: host_service_agent_role - description: Assign host service agent role to users in host_service_agent_users variable. - type: bool - default: false - required: false - - name: host_service_agent_users - description: List of IAM-style users that will be granted the host service agent role on the host project. - type: list(string) - default: [] - required: false - - name: host_subnet_regions - description: List of subnet regions, one per subnet. - type: list(string) - default: [] - required: false - - name: host_subnet_users - description: Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned. - type: map(any) - default: {} - required: false - - name: host_subnets - description: List of subnet names on which to grant network user role. - type: list(string) - default: [] - required: false - - name: service_project_ids - description: Ids of the service projects that will be attached to the Shared VPC. - type: list(string) - required: true - outputs: - - name: service_projects - description: Project ids of the services with access to all subnets. 
- roles: - - level: Project + info: + title: Google Cloud Shared VPC Access Configuration + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/fabric-net-svpc-access + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: 
simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: host_project_id + description: Project id of the shared VPC host project. + varType: string + required: true + - name: host_service_agent_role + description: Assign host service agent role to users in host_service_agent_users variable. + varType: bool + defaultValue: false + - name: host_service_agent_users + description: List of IAM-style users that will be granted the host service agent role on the host project. + varType: list(string) + defaultValue: [] + - name: host_subnet_regions + description: List of subnet regions, one per subnet. + varType: list(string) + defaultValue: [] + - name: host_subnet_users + description: Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned. + varType: map(any) + defaultValue: {} + - name: host_subnets + description: List of subnet names on which to grant network user role. + varType: list(string) + defaultValue: [] + - name: service_project_ids + description: Ids of the service projects that will be attached to the Shared VPC. + varType: list(string) + required: true + outputs: + - name: service_projects + description: Project ids of the services with access to all subnets. 
+ requirements:
 roles:
- - roles/compute.networkAdmin
- - roles/compute.securityAdmin
- - roles/iam.serviceAccountUser
- - roles/vpcaccess.admin
- - roles/serviceusage.serviceUsageAdmin
- - roles/dns.admin
- services:
- - cloudresourcemanager.googleapis.com
- - compute.googleapis.com
- - serviceusage.googleapis.com
- - vpcaccess.googleapis.com
- - dns.googleapis.com
+ - level: Project
+ roles:
+ - roles/compute.networkAdmin
+ - roles/compute.securityAdmin
+ - roles/iam.serviceAccountUser
+ - roles/vpcaccess.admin
+ - roles/serviceusage.serviceUsageAdmin
+ - roles/dns.admin
+ - roles/resourcemanager.tagAdmin
+ - roles/iam.serviceAccountAdmin
+ - roles/compute.orgFirewallPolicyAdmin
+ services:
+ - cloudresourcemanager.googleapis.com
+ - compute.googleapis.com
+ - serviceusage.googleapis.com
+ - vpcaccess.googleapis.com
+ - dns.googleapis.com
+ - networksecurity.googleapis.com
+ - iam.googleapis.com
diff --git a/modules/firewall-rules/metadata.yaml b/modules/firewall-rules/metadata.yaml
index b16097b7..a17efa29 100644
--- a/modules/firewall-rules/metadata.yaml
+++ b/modules/firewall-rules/metadata.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
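Review bot: The `requirements.roles` block added at the end of this hunk grants `roles/iam.serviceAccountAdmin`, `roles/resourcemanager.tagAdmin` and `roles/compute.orgFirewallPolicyAdmin` to the fabric-net-svpc-access module, although nothing in its variables or outputs (subnet IAM bindings and service-project attachment) touches firewall policies, tags or service-account administration. The identical list is pasted into the firewall-rules, hierarchical-firewall-policy and network-firewall-policy hunks that follow, so it looks like a repository-wide union rather than a per-module requirement. This metadata is what consumers use to size the deploying principal, so a least-privilege list per module would be preferable; the six roles this module listed before the change appear to be all it needs. If the union is intentional for a shared test project, a comment such as `# roles: union required across all submodule integration tests` above the list would make that explicit.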
@@ -19,110 +19,190 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Google Cloud VPC Firewall Rules - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: network_name - description: Name of the network this 
set of firewall rules applies to. - type: string - required: true - - name: project_id - description: Project id of the project that holds the network. - type: string - required: true - - name: rules - description: List of custom rule definitions (refer to variables file for syntax). - type: |- - list(object({ - name = string - description = string - direction = string - priority = number - ranges = list(string) - source_tags = list(string) - source_service_accounts = list(string) - target_tags = list(string) - target_service_accounts = list(string) - allow = list(object({ - protocol = string - ports = list(string) - })) - deny = list(object({ - protocol = string - ports = list(string) - })) - log_config = object({ - metadata = string - }) - })) - default: [] - required: false - outputs: - - name: firewall_rules - description: The created firewall rule resources - roles: - - level: Project + info: + title: Google Cloud VPC Firewall Rules + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/firewall-rules + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 1.3.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + 
location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: egress_rules + description: List of egress rules. 
This will be ignored if variable 'rules' is non-empty + varType: |- + list(object({ + name = string + description = optional(string, null) + disabled = optional(bool, null) + priority = optional(number, null) + destination_ranges = optional(list(string), []) + source_ranges = optional(list(string), []) + source_tags = optional(list(string)) + source_service_accounts = optional(list(string)) + target_tags = optional(list(string)) + target_service_accounts = optional(list(string)) + + allow = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + deny = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + log_config = optional(object({ + metadata = string + })) + })) + defaultValue: [] + - name: ingress_rules + description: List of ingress rules. This will be ignored if variable 'rules' is non-empty + varType: |- + list(object({ + name = string + description = optional(string, null) + disabled = optional(bool, null) + priority = optional(number, null) + destination_ranges = optional(list(string), []) + source_ranges = optional(list(string), []) + source_tags = optional(list(string)) + source_service_accounts = optional(list(string)) + target_tags = optional(list(string)) + target_service_accounts = optional(list(string)) + + allow = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + deny = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + log_config = optional(object({ + metadata = string + })) + })) + defaultValue: [] + - name: network_name + description: Name of the network this set of firewall rules applies to. + varType: string + required: true + - name: project_id + description: Project id of the project that holds the network. + varType: string + required: true + - name: rules + description: This is DEPRICATED and available for backward compatiblity. Use ingress_rules and egress_rules variables. 
List of custom rule definitions + varType: |- + list(object({ + name = string + description = optional(string, null) + direction = optional(string, "INGRESS") + disabled = optional(bool, null) + priority = optional(number, null) + ranges = optional(list(string), []) + source_tags = optional(list(string)) + source_service_accounts = optional(list(string)) + target_tags = optional(list(string)) + target_service_accounts = optional(list(string)) + + allow = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + deny = optional(list(object({ + protocol = string + ports = optional(list(string)) + })), []) + log_config = optional(object({ + metadata = string + })) + })) + defaultValue: [] + outputs: + - name: firewall_rules + description: The created firewall rule resources + - name: firewall_rules_ingress_egress + description: The created firewall ingress/egress rule resources + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/hierarchical-firewall-policy/metadata.yaml b/modules/hierarchical-firewall-policy/metadata.yaml new file mode 100644 index 00000000..b5f71f87 
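Review bot: The `rules` variable description in this hunk misspells two words and runs two sentences together: `This is DEPRICATED and available for backward compatiblity.` should read `This is DEPRECATED and available for backward compatibility.`, and a period is missing before `List of custom rule definitions`; this text is rendered to users by the blueprint tooling, so it is worth fixing here. The new `ingress_rules` and `egress_rules` descriptions also end without a period while every other description in the file has one. Separately, both new object types default `source_ranges` and `destination_ranges` to `[]`; if the provider keeps its usual behavior of treating an ingress rule with no source ranges, tags or service accounts as matching all sources, a sentence saying so in the description would stop a caller from reading `[]` as "matches nothing".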
--- /dev/null
+++ b/modules/hierarchical-firewall-policy/metadata.yaml
@@ -0,0 +1,167 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: blueprints.cloud.google.com/v1alpha1 +kind: BlueprintMetadata +metadata: + name: terraform-google-network + annotations: + config.kubernetes.io/local-config: "true" +spec: + info: + title: Google Cloud Hierarchical Firewall Policy + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/hierarchical-firewall-policy + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 1.3.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: 
examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: description + description: An optional description of this resource. Provide this property when you create the resource + varType: string + - name: parent_node + description: The parent of the firewall policy. 
Parent should be in format organizations/ or folders/ + varType: string + required: true + - name: policy_name + description: User-provided name of the hierarchical firewall policy + varType: string + required: true + - name: rules + description: List of Ingress/Egress rules + varType: |- + list(object({ + priority = number + direction = string + action = string + rule_name = optional(string) + disabled = optional(bool) + description = optional(string) + enable_logging = optional(bool) + target_service_accounts = optional(list(string), []) + target_resources = optional(list(string), []) + match = object({ + src_ip_ranges = optional(list(string), []) + src_fqdns = optional(list(string), []) + src_region_codes = optional(list(string), []) + src_threat_intelligences = optional(list(string), []) + src_address_groups = optional(list(string), []) + dest_ip_ranges = optional(list(string), []) + dest_fqdns = optional(list(string), []) + dest_region_codes = optional(list(string), []) + dest_threat_intelligences = optional(list(string), []) + dest_address_groups = optional(list(string), []) + layer4_configs = optional(list(object({ + ip_protocol = optional(string, "all") + ports = optional(list(string), []) + })), [{}]) + }) + })) + defaultValue: [] + - name: target_folders + description: List of target folders IDs that the firewall policy will be attached to + varType: list(string) + defaultValue: [] + - name: target_org + description: Target org id that the firewall policy will be attached to + varType: string + outputs: + - name: fw_policy + description: Firewall policy created + - name: rules + description: Firewall policy rules created + - name: target_associations + description: folders/orgs associations created + requirements: + roles: + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - 
roles/resourcemanager.tagAdmin
+ - roles/iam.serviceAccountAdmin
+ - roles/compute.orgFirewallPolicyAdmin
+ services:
+ - cloudresourcemanager.googleapis.com
+ - compute.googleapis.com
+ - serviceusage.googleapis.com
+ - vpcaccess.googleapis.com
+ - dns.googleapis.com
+ - networksecurity.googleapis.com
+ - iam.googleapis.com
diff --git a/modules/network-firewall-policy/metadata.yaml b/modules/network-firewall-policy/metadata.yaml
new file mode 100644
index 00000000..8c80c89f
--- /dev/null
+++ b/modules/network-firewall-policy/metadata.yaml
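Review bot: `metadata.name` in this new file is `terraform-google-network`, the same name the root module's metadata uses, whereas the sibling file added next in this diff uses `terraform-google-network-network-firewall-policy`; this module should get its own name, e.g. `name: terraform-google-network-hierarchical-firewall-policy`. The `rules` type defaults `layer4_configs` to `[{}]` with `ip_protocol = optional(string, "all")`, so a rule written without a `layer4_configs` block matches every protocol and port; the bare `List of Ingress/Egress rules` description should state that default explicitly, and the same applies to the `network-firewall-policy` hunk that follows. The requirements list the roles at `level: Project`, but `parent_node`, `target_folders` and `target_org` attach the policy to organizations or folders, so `roles/compute.orgFirewallPolicyAdmin` presumably has to be held at that level for the module to work; if so, the `level` entry is misleading. The `parent_node` description, `Parent should be in format organizations/ or folders/`, also reads as if an id placeholder was dropped after each slash.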
@@ -0,0 +1,168 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: blueprints.cloud.google.com/v1alpha1 +kind: BlueprintMetadata +metadata: + name: terraform-google-network-network-firewall-policy + annotations: + config.kubernetes.io/local-config: "true" +spec: + info: + title: Google Cloud Network Firewall Policy + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/network-firewall-policy + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 1.3.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + 
location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: description + description: An optional description of this resource. Provide this property when you create the resource + varType: string + - name: policy_name + description: User-provided name of the Network firewall policy + varType: string + required: true + - name: policy_region + description: Location of the firewall policy. Needed for regional firewall policies. 
Default is null (Global firewall policy) + varType: string + - name: project_id + description: Project ID of the Network firewall policy + varType: string + required: true + - name: rules + description: List of Ingress/Egress rules + varType: |- + list(object({ + priority = number + direction = string + action = string + rule_name = optional(string) + disabled = optional(bool) + description = optional(string) + enable_logging = optional(bool) + target_secure_tags = optional(list(string)) + target_service_accounts = optional(list(string)) + match = object({ + src_ip_ranges = optional(list(string), []) + src_fqdns = optional(list(string), []) + src_region_codes = optional(list(string), []) + src_secure_tags = optional(list(string), []) + src_threat_intelligences = optional(list(string), []) + src_address_groups = optional(list(string), []) + dest_ip_ranges = optional(list(string), []) + dest_fqdns = optional(list(string), []) + dest_region_codes = optional(list(string), []) + dest_threat_intelligences = optional(list(string), []) + dest_address_groups = optional(list(string), []) + layer4_configs = optional(list(object({ + ip_protocol = optional(string, "all") + ports = optional(list(string), []) + })), [{}]) + }) + })) + defaultValue: [] + - name: target_vpcs + description: List of target VPC IDs that the firewall policy will be attached to + varType: list(string) + defaultValue: [] + outputs: + - name: fw_policy + description: Firewall policy created + - name: rules + description: Firewall policy rules created + - name: vpc_associations + description: VPC associations created + requirements: + roles: + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - 
cloudresourcemanager.googleapis.com
+ - compute.googleapis.com
+ - serviceusage.googleapis.com
+ - vpcaccess.googleapis.com
+ - dns.googleapis.com
+ - networksecurity.googleapis.com
+ - iam.googleapis.com
diff --git a/modules/network-peering/metadata.yaml b/modules/network-peering/metadata.yaml
index 8ebd14e7..7c85aabd 100644
--- a/modules/network-peering/metadata.yaml
+++ b/modules/network-peering/metadata.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,117 +19,136 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Google Network Peering - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: export_local_custom_routes - description: Export custom 
routes to peer network from local network. - type: bool - default: false - required: false - - name: export_local_subnet_routes_with_public_ip - description: Export custom routes to peer network from local network (defaults to true; causes the Local Peering Connection to align with the [provider default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_peering#export_subnet_routes_with_public_ip), and the Remote Peering Connection to be opposite the provider default). - type: bool - default: true - required: false - - name: export_peer_custom_routes - description: Export custom routes to local network from peer network. - type: bool - default: false - required: false - - name: export_peer_subnet_routes_with_public_ip - description: Export custom routes to local network from peer network (defaults to false; causes the Local Peering Connection to align with the [provider default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_peering#import_subnet_routes_with_public_ip), and the Remote Peering Connection to be opposite the provider default). - type: bool - default: false - required: false - - name: local_network - description: Resource link of the network to add a peering to. - type: string - required: true - - name: module_depends_on - description: List of modules or resources this module depends on. - type: list(any) - default: [] - required: false - - name: peer_network - description: Resource link of the peer network. - type: string - required: true - - name: prefix - description: Name prefix for the network peerings - type: string - default: network-peering - required: false - outputs: - - name: complete - description: Output to be used as a module dependency. - - name: local_network_peering - description: Network peering resource. - - name: peer_network_peering - description: Peer network peering resource. 
- roles: - - level: Project + info: + title: Google Network Peering + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/network-peering + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: 
examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: export_local_custom_routes + description: Export custom routes to peer network from local network. + varType: bool + defaultValue: false + - name: export_local_subnet_routes_with_public_ip + description: Export custom routes to peer network from local network (defaults to true; causes the Local Peering Connection to align with the [provider default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_peering#export_subnet_routes_with_public_ip), and the Remote Peering Connection to be opposite the provider default). + varType: bool + defaultValue: true + - name: export_peer_custom_routes + description: Export custom routes to local network from peer network. + varType: bool + defaultValue: false + - name: export_peer_subnet_routes_with_public_ip + description: Export custom routes to local network from peer network (defaults to false; causes the Local Peering Connection to align with the [provider default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_peering#import_subnet_routes_with_public_ip), and the Remote Peering Connection to be opposite the provider default). + varType: bool + defaultValue: false + - name: local_network + description: Resource link of the network to add a peering to. + varType: string + required: true + - name: module_depends_on + description: List of modules or resources this module depends on. + varType: list(any) + defaultValue: [] + - name: peer_network + description: Resource link of the peer network. 
+ varType: string + required: true + - name: prefix + description: Name prefix for the network peerings + varType: string + defaultValue: network-peering + - name: stack_type + description: "Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]." + varType: string + defaultValue: IPV4_ONLY + outputs: + - name: complete + description: Output to be used as a module dependency. + - name: local_network_peering + description: Network peering resource. + - name: peer_network_peering + description: Peer network peering resource. + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/private-service-connect/metadata.yaml b/modules/private-service-connect/metadata.yaml index 6e4fdcd9..ba4bbac1 100644 --- a/modules/private-service-connect/metadata.yaml +++ b/modules/private-service-connect/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
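Review bot: The rebuilt `requirements.roles` list at the end of this hunk grants the network-peering module's deployer `roles/compute.orgFirewallPolicyAdmin`, `roles/iam.serviceAccountAdmin` and `roles/resourcemanager.tagAdmin`, none of which a module that only creates two `google_compute_network_peering` resources plausibly needs, and the identical list (plus the added `networksecurity.googleapis.com` and `iam.googleapis.com` services) is repeated verbatim in the private-service-connect, routes-beta and routes hunks below. This looks like the root module's integration-test role set propagated by the metadata generator rather than a per-module requirement, so it is worth confirming against how the metadata is produced. Anything that provisions from these requirements (test fixtures, Infra Manager, other consumers of the blueprint metadata) would end up granting firewall-policy and service-account admin rights just to deploy a VPC peering, which is the opposite of least privilege for a submodule. If the generator cannot scope the list per module, the submodule metadata should carry only what its own resources need, e.g. keep `- roles/compute.networkAdmin` here and drop the three added admin roles and the two added services.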
@@ -19,120 +19,144 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Private Service Connect - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: dns_code - description: Code to identify DNS resources in the 
form of `{dns_code}-{dns_type}` - type: string - default: dz - required: false - - name: forwarding_rule_name - description: Forwarding rule resource name. The forwarding rule name for PSC Google APIs must be an 1-20 characters string with lowercase letters and numbers and must start with a letter. Defaults to `globalrule` - type: string - default: globalrule - required: false - - name: forwarding_rule_target - description: Target resource to receive the matched traffic. Only `all-apis` and `vpc-sc` are valid. - type: string - required: true - - name: network_self_link - description: Network self link for Private Service Connect. - type: string - required: true - - name: private_service_connect_ip - description: The internal IP to be used for the private service connect. - type: string - required: true - - name: private_service_connect_name - description: Private Service Connect endpoint name. Defaults to `global-psconnect-ip` - type: string - default: global-psconnect-ip - required: false - - name: project_id - description: Project ID for Private Service Connect. - type: string - required: true - outputs: - - name: dns_zone_gcr_name - description: Name for Managed DNS zone for GCR - - name: dns_zone_googleapis_name - description: Name for Managed DNS zone for GoogleAPIs - - name: dns_zone_pkg_dev_name - description: Name for Managed DNS zone for PKG_DEV - - name: forwarding_rule_name - description: Forwarding rule resource name. - - name: forwarding_rule_target - description: Target resource to receive the matched traffic. Only `all-apis` and `vpc-sc` are valid. 
- - name: global_address_id - description: An identifier for the global address created for the private service connect with format `projects/{{project}}/global/addresses/{{name}}` - - name: private_service_connect_ip - description: Private service connect ip - - name: private_service_connect_name - description: Private service connect name - roles: - - level: Project + info: + title: Private Service Connect + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/private-service-connect + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: 
examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: dns_code + description: Code to identify DNS resources in the form of `{dns_code}-{dns_type}` + varType: string + defaultValue: dz + - name: forwarding_rule_name + description: Forwarding rule resource name. The forwarding rule name for PSC Google APIs must be an 1-20 characters string with lowercase letters and numbers and must start with a letter. Defaults to `globalrule` + varType: string + defaultValue: globalrule + - name: forwarding_rule_target + description: Target resource to receive the matched traffic. Only `all-apis` and `vpc-sc` are valid. + varType: string + required: true + - name: network_self_link + description: Network self link for Private Service Connect. + varType: string + required: true + - name: private_service_connect_ip + description: The internal IP to be used for the private service connect. + varType: string + required: true + - name: private_service_connect_name + description: Private Service Connect endpoint name. Defaults to `global-psconnect-ip` + varType: string + defaultValue: global-psconnect-ip + - name: project_id + description: Project ID for Private Service Connect. 
+ varType: string + required: true + - name: service_directory_namespace + description: Service Directory namespace to register the forwarding rule under. + varType: string + - name: service_directory_region + description: Service Directory region to register this global forwarding rule under. Defaults to `us-central1` if not defined. + varType: string + outputs: + - name: dns_zone_gcr_name + description: Name for Managed DNS zone for GCR + - name: dns_zone_googleapis_name + description: Name for Managed DNS zone for GoogleAPIs + - name: dns_zone_pkg_dev_name + description: Name for Managed DNS zone for PKG_DEV + - name: forwarding_rule_name + description: Forwarding rule resource name. + - name: forwarding_rule_target + description: Target resource to receive the matched traffic. Only `all-apis` and `vpc-sc` are valid. + - name: global_address_id + description: An identifier for the global address created for the private service connect with format `projects/{{project}}/global/addresses/{{name}}` + - name: private_service_connect_ip + description: Private service connect ip + - name: private_service_connect_name + description: Private service connect name + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - 
vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/routes-beta/metadata.yaml b/modules/routes-beta/metadata.yaml index 2222a124..5bd4cca2 100644 --- a/modules/routes-beta/metadata.yaml +++ b/modules/routes-beta/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
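Review bot: The new `service_directory_region` variable in this hunk is described as "Defaults to `us-central1` if not defined" but carries no `defaultValue`, so a metadata consumer sees an optional string with a null default while the prose promises a region. If the fallback is applied inside the module rather than in the variable declaration (not visible here), the description should say so, e.g. `description: Service Directory region for the global forwarding rule. When unset, the module itself falls back to us-central1.`; if the variable does declare the default, add `defaultValue: us-central1` so the two agree. The companion `service_directory_namespace` entry likewise says nothing about what happens when it is left unset, which a reader of this metadata cannot infer.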
@@ -19,98 +19,116 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Terraform Routes Beta Module - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: module_depends_on - description: List of modules or 
resources this module depends on. - type: list(any) - default: [] - required: false - - name: network_name - description: The name of the network where routes will be created - type: string - required: true - - name: project_id - description: The ID of the project where the routes will be created - type: string - required: true - - name: routes - description: List of routes being created in this VPC - type: list(map(string)) - default: [] - required: false - - name: routes_count - description: Amount of routes being created in this VPC - type: number - default: 0 - required: false - outputs: - - name: routes - description: The created routes resources - roles: - - level: Project + info: + title: Terraform Routes Beta Module + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/routes-beta + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: 
examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: module_depends_on + description: List of modules or resources this module depends on. 
+ varType: list(any) + defaultValue: [] + - name: network_name + description: The name of the network where routes will be created + varType: string + required: true + - name: project_id + description: The ID of the project where the routes will be created + varType: string + required: true + - name: routes + description: List of routes being created in this VPC + varType: list(map(string)) + defaultValue: [] + - name: routes_count + description: Amount of routes being created in this VPC + varType: number + defaultValue: 0 + outputs: + - name: routes + description: The created routes resources + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/routes/metadata.yaml b/modules/routes/metadata.yaml index 6ce05e04..7b446979 100644 --- a/modules/routes/metadata.yaml +++ b/modules/routes/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
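Review bot: `routes_count` in this hunk is documented only as "Amount of routes being created in this VPC" with `defaultValue: 0`, while the sibling `routes` variable defaults to `[]`, and nothing states how the two relate. If, as the name suggests, the count drives the number of resources created, a caller who passes a list but forgets the count silently gets zero routes, and a count smaller than the list silently drops entries, so the description should make the coupling explicit, e.g. `description: Number of entries in routes; must equal length(routes) so every listed route is created.`. The non-beta routes hunk below omits this variable entirely, which is worth a sentence in the beta module's description so users know which form to expect.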
@@ -19,93 +19,112 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Terraform Routes Module - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: module_depends_on - description: List of modules or resources 
this module depends on. - type: list(any) - default: [] - required: false - - name: network_name - description: The name of the network where routes will be created - type: string - required: true - - name: project_id - description: The ID of the project where the routes will be created - type: string - required: true - - name: routes - description: List of routes being created in this VPC - type: list(map(string)) - default: [] - required: false - outputs: - - name: routes - description: The created routes resources - roles: - - level: Project + info: + title: Terraform Routes Module + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/routes + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: 
examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: module_depends_on + description: List of modules or resources this module depends on. 
+ varType: list(any) + defaultValue: [] + - name: network_name + description: The name of the network where routes will be created + varType: string + required: true + - name: project_id + description: The ID of the project where the routes will be created + varType: string + required: true + - name: routes + description: List of routes being created in this VPC + varType: list(map(string)) + defaultValue: [] + outputs: + - name: routes + description: The created routes resources + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/subnets-beta/metadata.yaml b/modules/subnets-beta/metadata.yaml index a6544872..f45e17f0 100644 --- a/modules/subnets-beta/metadata.yaml +++ b/modules/subnets-beta/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -19,97 +19,134 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Terraform Subnets Beta Module - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: module_depends_on - description: List of modules or 
resources this module depends on. - type: list(any) - default: [] - required: false - - name: network_name - description: The name of the network where subnets will be created - type: string - required: true - - name: project_id - description: The ID of the project where subnets will be created - type: string - required: true - - name: secondary_ranges - description: Secondary ranges that will be used in some of the subnets - type: map(list(object({ range_name = string, ip_cidr_range = string }))) - default: {} - required: false - - name: subnets - description: The list of subnets being created - type: list(object({subnet_name = string, subnet_ip = string, subnet_region = string, subnet_private_access = optional(string), subnet_private_ipv6_access = optional(string), subnet_flow_logs = optional(string), subnet_flow_logs_interval = optional(string), subnet_flow_logs_sampling = optional(string), subnet_flow_logs_metadata = optional(string), subnet_flow_logs_filter = optional(string), subnet_flow_logs_metadata_fields = optional(list(string)), description = optional(string)})) - required: true - outputs: - - name: subnets - description: The created subnet resources - roles: - - level: Project + info: + title: Terraform Subnets Beta Module + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/subnets-beta + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: 
examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: module_depends_on + description: List of modules or resources this module depends on. 
+ varType: list(any) + defaultValue: [] + - name: network_name + description: The name of the network where subnets will be created + varType: string + required: true + - name: project_id + description: The ID of the project where subnets will be created + varType: string + required: true + - name: secondary_ranges + description: Secondary ranges that will be used in some of the subnets + varType: map(list(object({ range_name = string, ip_cidr_range = string }))) + defaultValue: {} + - name: subnets + description: The list of subnets being created + varType: |- + list(object({ + subnet_name = string + subnet_ip = string + subnet_region = string + subnet_private_access = optional(string, "false") + subnet_private_ipv6_access = optional(string) + subnet_flow_logs = optional(bool, false) + subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC") + subnet_flow_logs_sampling = optional(string, "0.5") + subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA") + subnet_flow_logs_filter = optional(string, "true") + subnet_flow_logs_metadata_fields = optional(list(string), []) + description = optional(string) + purpose = optional(string) + role = optional(string) + stack_type = optional(string) + ipv6_access_type = optional(string) + })) + required: true + outputs: + - name: subnets + description: The created subnet resources + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - 
roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/subnets/metadata.yaml b/modules/subnets/metadata.yaml index 2d6dc944..8e0c8916 100644 --- a/modules/subnets/metadata.yaml +++ b/modules/subnets/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
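Review bot: The new `requirements.roles` entry for the subnets-beta submodule adds `roles/resourcemanager.tagAdmin`, `roles/iam.serviceAccountAdmin` and `roles/compute.orgFirewallPolicyAdmin` at `level: Project`, which is far wider than anything a subnet-only module creates, and the identical list is added to modules/subnets, modules/vpc-serverless-connector-beta and modules/vpc in this commit. Presumably the list mirrors the integration-test service account for the whole repository, but consumers read a submodule's metadata as the minimum needed to deploy that submodule, so overstating it works against least privilege. If the list is generated from one shared source, consider scoping it per module, or at least record its origin in a comment such as `# roles mirror the repo-wide test setup (<path placeholder>); not all are needed by this submodule`. `roles/compute.orgFirewallPolicyAdmin` is also aimed at hierarchical (organization/folder) firewall policies, so listing it under `level: Project` looks inconsistent with the level it is actually granted at.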
@@ -19,92 +19,130 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Terraform Subnets Module - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: network_name - description: The name of the network where 
subnets will be created - type: string - required: true - - name: project_id - description: The ID of the project where subnets will be created - type: string - required: true - - name: secondary_ranges - description: Secondary ranges that will be used in some of the subnets - type: map(list(object({ range_name = string, ip_cidr_range = string }))) - default: {} - required: false - - name: subnets - description: The list of subnets being created - type: list(object({subnet_name = string, subnet_ip = string, subnet_region = string, subnet_private_access = optional(string), subnet_private_ipv6_access = optional(string), subnet_flow_logs = optional(string), subnet_flow_logs_interval = optional(string), subnet_flow_logs_sampling = optional(string), subnet_flow_logs_metadata = optional(string), subnet_flow_logs_filter = optional(string), subnet_flow_logs_metadata_fields = optional(list(string)), description = optional(string)})) - required: true - outputs: - - name: subnets - description: The created subnet resources - roles: - - level: Project + info: + title: Terraform Subnets Module + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/subnets + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: 
examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: network_name + description: The name of the network where subnets will be created + varType: string + required: true + - name: project_id + description: The ID of the project where subnets will be created + varType: string + required: true + - name: secondary_ranges + description: Secondary ranges that will be used in some of the subnets + varType: map(list(object({ range_name = string, ip_cidr_range = string }))) + defaultValue: {} + - name: subnets + description: The list of subnets being created + varType: |- + list(object({ + subnet_name = 
string + subnet_ip = string + subnet_region = string + subnet_private_access = optional(string, "false") + subnet_private_ipv6_access = optional(string) + subnet_flow_logs = optional(string, "false") + subnet_flow_logs_interval = optional(string, "INTERVAL_5_SEC") + subnet_flow_logs_sampling = optional(string, "0.5") + subnet_flow_logs_metadata = optional(string, "INCLUDE_ALL_METADATA") + subnet_flow_logs_filter = optional(string, "true") + subnet_flow_logs_metadata_fields = optional(list(string), []) + description = optional(string) + purpose = optional(string) + role = optional(string) + stack_type = optional(string) + ipv6_access_type = optional(string) + })) + required: true + outputs: + - name: subnets + description: The created subnet resources + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/vpc-serverless-connector-beta/README.md b/modules/vpc-serverless-connector-beta/README.md index eb5ec048..7b42540d 100644 --- a/modules/vpc-serverless-connector-beta/README.md +++ b/modules/vpc-serverless-connector-beta/README.md 
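Review bot: `subnet_flow_logs` is typed `optional(string, "false")` in this module's `varType` but `optional(bool, false)` in the subnets-beta hunk above, so the two sibling modules now disagree on the type of the same attribute. The metadata is presumably generated from each module's variables.tf, so the divergence should be reconciled there (a real `bool` is preferable, and `subnet_private_access = optional(string, "false")` has the same stringly-boolean shape) or the description should state that the string form is kept deliberately for backward compatibility.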
@@ -34,7 +34,7 @@ module "serverless-connector" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | project\_id | Project in which the vpc connector will be deployed. | `string` | n/a | yes | -| vpc\_connectors | List of VPC serverless connectors. | `list(map(string))` | `[]` | no | +| vpc\_connectors | List of VPC serverless connectors. |
list(object({
name = string,
region = string,
network = optional(string, null),
subnet_name = optional(string, null),
ip_cidr_range = optional(string, null),
host_project_id = optional(string, null),
machine_type = optional(string, null),
min_instances = optional(number, null),
max_instances = optional(number, null),
max_throughput = optional(number, null)
}))
| `[]` | no | ## Outputs diff --git a/modules/vpc-serverless-connector-beta/main.tf b/modules/vpc-serverless-connector-beta/main.tf index 9e6f2d47..002ef868 100644 --- a/modules/vpc-serverless-connector-beta/main.tf +++ b/modules/vpc-serverless-connector-beta/main.tf @@ -22,17 +22,17 @@ resource "google_vpc_access_connector" "connector_beta" { name = each.value.name project = var.project_id region = each.value.region - ip_cidr_range = lookup(each.value, "ip_cidr_range", null) - network = lookup(each.value, "network", null) + ip_cidr_range = each.value.ip_cidr_range + network = each.value.network dynamic "subnet" { for_each = each.value.subnet_name == null ? [] : [each.value] content { name = each.value.subnet_name - project_id = lookup(each.value, "host_project_id", null) + project_id = each.value.host_project_id } } - machine_type = lookup(each.value, "machine_type", null) - min_instances = lookup(each.value, "min_instances", null) - max_instances = lookup(each.value, "max_instances", null) - max_throughput = lookup(each.value, "max_throughput", null) + machine_type = each.value.machine_type + min_instances = each.value.min_instances + max_instances = each.value.max_instances + max_throughput = each.value.max_throughput } diff --git a/modules/vpc-serverless-connector-beta/metadata.yaml b/modules/vpc-serverless-connector-beta/metadata.yaml index adf7356a..e40fb486 100644 --- a/modules/vpc-serverless-connector-beta/metadata.yaml +++ b/modules/vpc-serverless-connector-beta/metadata.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -19,84 +19,116 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Terraform VPC Serverless Connector Beta - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: project_id - description: Project in which 
the vpc connector will be deployed. - type: string - required: true - - name: vpc_connectors - description: List of VPC serverless connectors. - type: list(map(string)) - default: [] - required: false - outputs: - - name: connector_ids - description: VPC serverless connector ID. - roles: - - level: Project + info: + title: Terraform VPC Serverless Connector Beta + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/vpc-serverless-connector-beta + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy 
+ - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: project_id + description: Project in which the vpc connector will be deployed. + varType: string + required: true + - name: vpc_connectors + description: List of VPC serverless connectors. + varType: |- + list(object({ + name = string, + region = string, + network = optional(string, null), + subnet_name = optional(string, null), + ip_cidr_range = optional(string, null), + host_project_id = optional(string, null), + machine_type = optional(string, null), + min_instances = optional(number, null), + max_instances = optional(number, null), + max_throughput = optional(number, null) + })) + defaultValue: [] + outputs: + - name: connector_ids + description: VPC serverless connector ID. 
+ requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/modules/vpc-serverless-connector-beta/variables.tf b/modules/vpc-serverless-connector-beta/variables.tf index a4b3956a..e36c23cf 100644 --- a/modules/vpc-serverless-connector-beta/variables.tf +++ b/modules/vpc-serverless-connector-beta/variables.tf @@ -20,7 +20,18 @@ variable "project_id" { } variable "vpc_connectors" { - type = list(map(string)) + type = list(object({ + name = string, + region = string, + network = optional(string, null), + subnet_name = optional(string, null), + ip_cidr_range = optional(string, null), + host_project_id = optional(string, null), + machine_type = optional(string, null), + min_instances = optional(number, null), + max_instances = optional(number, null), + max_throughput = optional(number, null) + })) default = [] description = "List of VPC serverless connectors." } diff --git a/modules/vpc/metadata.yaml b/modules/vpc/metadata.yaml index 4fd47ce7..fdb7c783 100644 --- a/modules/vpc/metadata.yaml +++ b/modules/vpc/metadata.yaml 
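Review bot: The new `vpc_connectors` object type makes every attribute except `name` and `region` optional, but nothing enforces the provider's constraint that a connector has either `subnet_name` or both `network` and `ip_cidr_range`; an entry with none of them passes variable checking and only fails when the API rejects it at apply. A `validation` block on the variable turns that into a clear plan-time error (below). The explicit `null` in `optional(string, null)` is also redundant, since `optional(string)` already defaults to null, so the type could be shortened. Moving from `list(map(string))` to a closed object type will most likely reject callers that pass extra keys; if that is intended it deserves a changelog entry, as the metadata in this commit still reports version 9.1.0.
```hcl
variable "vpc_connectors" {
  # … unchanged: type, default, description …

  validation {
    condition = alltrue([
      for c in var.vpc_connectors :
      c.subnet_name != null || (c.network != null && c.ip_cidr_range != null)
    ])
    error_message = "Each vpc_connectors entry must set subnet_name, or both network and ip_cidr_range."
  }
}
```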
@@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -19,121 +19,146 @@ metadata: annotations: config.kubernetes.io/local-config: "true" spec: - title: Terraform VPC Module - source: - repo: https://github.com/terraform-google-modules/terraform-google-network - sourceType: git - version: 9.1.0 - actuationTool: - type: Terraform - version: '>= 0.13.0' - examples: - - name: basic_auto_mode - location: examples/basic_auto_mode - - name: basic_custom_mode - location: examples/basic_custom_mode - - name: basic_firewall_rule - location: examples/basic_firewall_rule - - name: basic_secondary_ranges - location: examples/basic_secondary_ranges - - name: basic_shared_vpc - location: examples/basic_shared_vpc - - name: basic_vpc_peering - location: examples/basic_vpc_peering - - name: delete_default_gateway_routes - location: examples/delete_default_gateway_routes - - name: firewall_logging - location: examples/firewall_logging - - name: ilb_routing - location: examples/ilb_routing - - name: multi_vpc - location: examples/multi_vpc - - name: network_service_tiers - location: examples/network_service_tiers - - name: packet_mirroring - location: examples/packet_mirroring - - name: private_service_connect - location: examples/private_service_connect - - name: private_service_connect_google_apis - location: examples/private_service_connect_google_apis - - name: routes - location: examples/routes - - name: secondary_ranges - location: examples/secondary_ranges - - name: simple_project - location: examples/simple_project - - name: simple_project_with_regional_network - location: examples/simple_project_with_regional_network - - name: submodule_firewall - location: examples/submodule_firewall - - name: submodule_network_peering - location: examples/submodule_network_peering - - name: submodule_svpc_access - location: examples/submodule_svpc_access - - name: submodule_vpc_serverless_connector - location: examples/submodule_vpc_serverless_connector - variables: - - name: auto_create_subnetworks - description: When set to true, the 
network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. - type: bool - default: false - required: false - - name: delete_default_internet_gateway_routes - description: If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted - type: bool - default: false - required: false - - name: description - description: An optional description of this resource. The resource must be recreated to modify this field. - type: string - default: "" - required: false - - name: mtu - description: 'The network MTU (If set to 0, meaning MTU is unset - defaults to ''1460''). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively.' 
- type: number - default: 0 - required: false - - name: network_name - description: The name of the network being created - type: string - required: true - - name: project_id - description: The ID of the project where this VPC will be created - type: string - required: true - - name: routing_mode - description: The network routing mode (default 'GLOBAL') - type: string - default: GLOBAL - required: false - - name: shared_vpc_host - description: Makes this project a Shared VPC host if 'true' (default 'false') - type: bool - default: false - required: false - outputs: - - name: network - description: The VPC resource being created - - name: network_id - description: The ID of the VPC being created - - name: network_name - description: The name of the VPC being created - - name: network_self_link - description: The URI of the VPC being created - - name: project_id - description: VPC project id - roles: - - level: Project + info: + title: Terraform VPC Module + source: + repo: https://github.com/terraform-google-modules/terraform-google-network.git + sourceType: git + dir: /modules/vpc + version: 9.1.0 + actuationTool: + flavor: Terraform + version: ">= 0.13.0" + description: {} + content: + examples: + - name: basic_auto_mode + location: examples/basic_auto_mode + - name: basic_custom_mode + location: examples/basic_custom_mode + - name: basic_firewall_rule + location: examples/basic_firewall_rule + - name: basic_secondary_ranges + location: examples/basic_secondary_ranges + - name: basic_shared_vpc + location: examples/basic_shared_vpc + - name: basic_vpc_peering + location: examples/basic_vpc_peering + - name: bidirectional-firewall-rules + location: examples/bidirectional-firewall-rules + - name: delete_default_gateway_routes + location: examples/delete_default_gateway_routes + - name: firewall_logging + location: examples/firewall_logging + - name: global-network-firewall-policy + location: examples/global-network-firewall-policy + - name: 
hierarchical-firewall-policy + location: examples/hierarchical-firewall-policy + - name: ilb_routing + location: examples/ilb_routing + - name: multi_vpc + location: examples/multi_vpc + - name: network_service_tiers + location: examples/network_service_tiers + - name: packet_mirroring + location: examples/packet_mirroring + - name: private_service_connect + location: examples/private_service_connect + - name: private_service_connect_google_apis + location: examples/private_service_connect_google_apis + - name: regional-network-firewall-policy + location: examples/regional-network-firewall-policy + - name: routes + location: examples/routes + - name: secondary_ranges + location: examples/secondary_ranges + - name: simple_ipv6_project + location: examples/simple_ipv6_project + - name: simple_project + location: examples/simple_project + - name: simple_project_with_regional_network + location: examples/simple_project_with_regional_network + - name: submodule_firewall + location: examples/submodule_firewall + - name: submodule_network_peering + location: examples/submodule_network_peering + - name: submodule_svpc_access + location: examples/submodule_svpc_access + - name: submodule_vpc_serverless_connector + location: examples/submodule_vpc_serverless_connector + interfaces: + variables: + - name: auto_create_subnetworks + description: When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. 
+ varType: bool + defaultValue: false + - name: delete_default_internet_gateway_routes + description: If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted + varType: bool + defaultValue: false + - name: description + description: An optional description of this resource. The resource must be recreated to modify this field. + varType: string + defaultValue: "" + - name: enable_ipv6_ula + description: Enabled IPv6 ULA, this is a permenant change and cannot be undone! (default 'false') + varType: bool + defaultValue: false + - name: internal_ipv6_range + description: When enabling IPv6 ULA, optionally, specify a /48 from fd20::/20 (default null) + varType: string + - name: mtu + description: "The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively." + varType: number + defaultValue: 0 + - name: network_firewall_policy_enforcement_order + description: Set the order that Firewall Rules and Firewall Policies are evaluated. Valid values are `BEFORE_CLASSIC_FIREWALL` and `AFTER_CLASSIC_FIREWALL`. 
(default null or equivalent to `AFTER_CLASSIC_FIREWALL`) + varType: string + - name: network_name + description: The name of the network being created + varType: string + required: true + - name: project_id + description: The ID of the project where this VPC will be created + varType: string + required: true + - name: routing_mode + description: The network routing mode (default 'GLOBAL') + varType: string + defaultValue: GLOBAL + - name: shared_vpc_host + description: Makes this project a Shared VPC host if 'true' (default 'false') + varType: bool + defaultValue: false + outputs: + - name: network + description: The VPC resource being created + - name: network_id + description: The ID of the VPC being created + - name: network_name + description: The name of the VPC being created + - name: network_self_link + description: The URI of the VPC being created + - name: project_id + description: VPC project id + requirements: roles: - - roles/compute.networkAdmin - - roles/compute.securityAdmin - - roles/iam.serviceAccountUser - - roles/vpcaccess.admin - - roles/serviceusage.serviceUsageAdmin - - roles/dns.admin - services: - - cloudresourcemanager.googleapis.com - - compute.googleapis.com - - serviceusage.googleapis.com - - vpcaccess.googleapis.com - - dns.googleapis.com + - level: Project + roles: + - roles/compute.networkAdmin + - roles/compute.securityAdmin + - roles/iam.serviceAccountUser + - roles/vpcaccess.admin + - roles/serviceusage.serviceUsageAdmin + - roles/dns.admin + - roles/resourcemanager.tagAdmin + - roles/iam.serviceAccountAdmin + - roles/compute.orgFirewallPolicyAdmin + services: + - cloudresourcemanager.googleapis.com + - compute.googleapis.com + - serviceusage.googleapis.com + - vpcaccess.googleapis.com + - dns.googleapis.com + - networksecurity.googleapis.com + - iam.googleapis.com diff --git a/test/integration/go.mod b/test/integration/go.mod index 24bd4aaa..8b56d993 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod 
@@ -5,10 +5,10 @@ go 1.22 toolchain go1.22.5 require ( - github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.16.0 + github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.16.1 github.com/gruntwork-io/terratest v0.47.0 github.com/stretchr/testify v1.9.0 - github.com/tidwall/gjson v1.17.1 + github.com/tidwall/gjson v1.17.3 ) require ( @@ -43,7 +43,7 @@ require ( github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f // indirect github.com/hashicorp/hcl/v2 v2.20.1 // indirect - github.com/hashicorp/terraform-config-inspect v0.0.0-20240607080351-271db412dbcb // indirect + github.com/hashicorp/terraform-config-inspect v0.0.0-20240701073647-9fc3669f7553 // indirect github.com/hashicorp/terraform-json v0.22.1 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect @@ -63,7 +63,7 @@ require ( github.com/zclconf/go-cty v1.14.4 // indirect go.opencensus.io v0.24.0 // indirect golang.org/x/crypto v0.21.0 // indirect - golang.org/x/mod v0.18.0 // indirect + golang.org/x/mod v0.19.0 // indirect golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect golang.org/x/sync v0.4.0 // indirect @@ -80,6 +80,6 @@ require ( google.golang.org/protobuf v1.33.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect - sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/test/integration/go.sum b/test/integration/go.sum index 26336ff3..afa5d360 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum 
@@ -187,10 +187,8 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.14.0 h1:db17HvmQPwTAq7/ex/w2DiNMA4oGUmTiHvScfPW/cRI= -github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.14.0/go.mod h1:JSsaDg/h4yaiNNTNnrCjyL6/czHb/Oz/z+dzWVqJYBE= -github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.16.0 h1:1rjUGjXuTnVp/RANDMfCRnDsUi0lIFJUQf4K1aPf5YE= -github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.16.0/go.mod h1:EJ+GwRNr/M3wZmmsaBpoUYgQ31+IO+y3sOtKIxw48PI= +github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.16.1 h1:IfsF5yta+pslEAWF1QYFSP/3obWsjLQzFyEKJYAhzos= +github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.16.1/go.mod h1:Bop47HzdH60K1rPgNRNqBHrBWhhmqCBG9Y4Y5PEn9fE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= 
@@ -357,8 +355,6 @@ github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/gruntwork-io/terratest v0.46.14 h1:nVT2JpOPLr7KbwOSNDP0GJffljH+Yu5833cwLorxRjs= -github.com/gruntwork-io/terratest v0.46.14/go.mod h1:L/IHbj195wnjfIFpZYWUhjwA3jm4O6ehO//xz7NxN8o= github.com/gruntwork-io/terratest v0.47.0 h1:xIy1pT7NbGVlMLDZEHl3+3iSnvffh8tN2pL6idn448c= github.com/gruntwork-io/terratest v0.47.0/go.mod h1:oywHw1cFKXSYvKPm27U7quZVzDUlA22H2xUrKCe26xM= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -378,16 +374,10 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f h1:UdxlrJz4JOnY8W+DbLISwf2B8WXEolNRA8BGCwI9jws= github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= -github.com/hashicorp/hcl/v2 v2.18.0 h1:wYnG7Lt31t2zYkcquwgKo6MWXzRUDIeIVU5naZwHLl8= -github.com/hashicorp/hcl/v2 v2.18.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= -github.com/hashicorp/terraform-config-inspect v0.0.0-20231204233900-a34142ec2a72 h1:nZ5gGjbe5o7XUu1d7j+Y5Ztcxlp+yaumTKH9i0D3wlg= -github.com/hashicorp/terraform-config-inspect v0.0.0-20231204233900-a34142ec2a72/go.mod h1:l8HcFPm9cQh6Q0KSWoYPiePqMvRFenybP1CH2MjKdlg= -github.com/hashicorp/terraform-config-inspect v0.0.0-20240607080351-271db412dbcb h1:6gCfY5aQdQgRr0G5VDjnV5ENpd+hTamWaZfVz+lJ724= -github.com/hashicorp/terraform-config-inspect v0.0.0-20240607080351-271db412dbcb/go.mod h1:Gz/z9Hbn+4KSp8A2FBtNszfLSdT2Tn/uAKGuVqqWmDI= -github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA= -github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= +github.com/hashicorp/terraform-config-inspect v0.0.0-20240701073647-9fc3669f7553 h1:ApSEBSu6EhcJWCdwSMd1VbQUeJDtB1jAOHfIxjZyMTc= +github.com/hashicorp/terraform-config-inspect v0.0.0-20240701073647-9fc3669f7553/go.mod h1:Gz/z9Hbn+4KSp8A2FBtNszfLSdT2Tn/uAKGuVqqWmDI= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= github.com/ianlancetaylor/demangle 
v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -414,8 +404,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -439,8 +427,6 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 
@@ -455,8 +441,8 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= -github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= +github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= 
@@ -475,10 +461,10 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.14.0 h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc= -github.com/zclconf/go-cty v1.14.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -495,8 +481,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -535,10 +519,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -586,8 +568,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -697,15 +677,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1034,9 +1012,7 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c= -sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE= -sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= -sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= +sigs.k8s.io/kustomize/kyaml v0.17.2 h1:+AzvoJUY0kq4QAhH/ydPHHMRLijtUKiyVyh7fOSshr0= +sigs.k8s.io/kustomize/kyaml v0.17.2/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=