From 909ccb6d4ec6df69ddffe4a63faa1c76e7737091 Mon Sep 17 00:00:00 2001 From: Samir Anand Date: Mon, 4 Dec 2023 14:14:45 +0530 Subject: [PATCH 01/16] Automatically generated by magic modules for service: composer and resource: Projects__locations__environment. This commit includes the following changes: - Singular Resource - Plural Resource - Documentation updates - Terraform configuration - Integration tests 
Signed-off-by: Samir Anand --- .../configuration/mm-attributes.yml | 55 +++- ...e_composer_project_location_environment.md | 262 ++++++++++++++++++ ..._composer_project_location_environments.md | 36 +++ .../projectlocationenvironment_config.rb | 109 ++++++++ ...ationenvironment_config_database_config.rb | 37 +++ ...ionenvironment_config_encryption_config.rb | 34 +++ ...onenvironment_config_maintenance_window.rb | 40 +++ ...onfig_master_authorized_networks_config.rb | 38 +++ ..._authorized_networks_config_cidr_blocks.rb | 45 +++ ...tlocationenvironment_config_node_config.rb | 62 +++++ ...config_node_config_ip_allocation_policy.rb | 46 +++ ...nment_config_private_environment_config.rb | 63 +++++ ...te_environment_config_networking_config.rb | 34 +++ ...vironment_config_private_cluster_config.rb | 40 +++ ...ationenvironment_config_recovery_config.rb | 35 +++ ...overy_config_scheduled_snapshots_config.rb | 43 +++ ...ationenvironment_config_software_config.rb | 52 ++++ ...oftware_config_airflow_config_overrides.rb | 34 +++ ...nt_config_software_config_env_variables.rb | 34 +++ ...nt_config_software_config_pypi_packages.rb | 34 +++ ...ionenvironment_config_web_server_config.rb | 34 +++ ...onfig_web_server_network_access_control.rb | 35 +++ ...etwork_access_control_allowed_ip_ranges.rb | 45 +++ ...tionenvironment_config_workloads_config.rb | 47 ++++ ...nment_config_workloads_config_scheduler.rb | 43 +++ ...nment_config_workloads_config_triggerer.rb | 40 +++ ...ment_config_workloads_config_web_server.rb | 40 +++ ...ironment_config_workloads_config_worker.rb | 46 +++ .../projectlocationenvironment_labels.rb | 34 +++ ...ojectlocationenvironment_storage_config.rb | 34 +++ ...e_composer_project_location_environment.rb | 98 +++++++ ..._composer_project_location_environments.rb | 95 +++++++ ...e_composer_project_location_environment.rb | 44 +++ ..._composer_project_location_environments.rb | 34 +++ 34 files changed, 1791 insertions(+), 11 deletions(-) create mode 100644 
docs/resources/google_composer_project_location_environment.md create mode 100644 docs/resources/google_composer_project_location_environments.md create mode 100644 libraries/google/composer/property/projectlocationenvironment_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_database_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_encryption_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_maintenance_window.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config_cidr_blocks.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_node_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_node_config_ip_allocation_policy.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_private_environment_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_networking_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_private_cluster_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_recovery_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_recovery_config_scheduled_snapshots_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_software_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_software_config_airflow_config_overrides.rb create mode 100644 
libraries/google/composer/property/projectlocationenvironment_config_software_config_env_variables.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_software_config_pypi_packages.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_web_server_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control_allowed_ip_ranges.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_workloads_config.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_workloads_config_scheduler.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_workloads_config_triggerer.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_workloads_config_web_server.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_config_workloads_config_worker.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_labels.rb create mode 100644 libraries/google/composer/property/projectlocationenvironment_storage_config.rb create mode 100644 libraries/google_composer_project_location_environment.rb create mode 100644 libraries/google_composer_project_location_environments.rb create mode 100644 test/integration/verify/controls/google_composer_project_location_environment.rb create mode 100644 test/integration/verify/controls/google_composer_project_location_environments.rb diff --git a/build/inspec/test/integration/configuration/mm-attributes.yml b/build/inspec/test/integration/configuration/mm-attributes.yml index 69212b639..1f230f45f 100644 --- a/build/inspec/test/integration/configuration/mm-attributes.yml 
+++ b/build/inspec/test/integration/configuration/mm-attributes.yml
@@ -604,7 +604,7 @@ index:
 update_time : "value_updatetime"
 create_time : "value_createtime"
 etag : "value_etag"
-
+
 tensorboard:
 name : "value_name"
 region : "value_region"
@@ -883,14 +883,47 @@ tensorboard_experiment_run_time_series_resource: project_location_image_version: parent : "value_parent" - +vpn_gateway: + project : "value_project" + region : "value_region" + vpn_gateway : "value_vpngateway" + kind : "value_kind" + id : "value_id" + creation_timestamp : "value_creationtimestamp" + name : "value_name" + description : "value_description" + network : "value_network" + self_link : "value_selflink" + label_fingerprint : "value_labelfingerprint" + stack_type : "value_stacktype" organization: - name : "ppradhan" - parent : "organizations/ppradhan" - runtime_type : "CLOUD" - authorized_network : "default" - project_id : "ppradhan" - subscription_type : "PAID" - created_at : ""1698225643253" - state : "ACTIVE" - analytics_region : "us-west1" \ No newline at end of file + name : "value_name" + parent : "value_parent" + api_consumer_data_encryption_key_name : "value_apiconsumerdataencryptionkeyname" + runtime_database_encryption_key_name : "value_runtimedatabaseencryptionkeyname" + runtime_type : "value_runtimetype" + type : "value_type" + authorized_network : "value_authorizednetwork" + project_id : "value_projectid" + description : "value_description" + ca_certificate : "value_cacertificate" + subscription_type : "value_subscriptiontype" + customer_name : "value_customername" + created_at : "value_createdat" + last_modified_at : "value_lastmodifiedat" + subscription_plan : "value_subscriptionplan" + state : "value_state" + control_plane_encryption_key_name : "value_controlplaneencryptionkeyname" + analytics_region : "value_analyticsregion" + api_consumer_data_location : "value_apiconsumerdatalocation" + display_name : "value_displayname" + apigee_project_id : "value_apigeeprojectid" + expires_at : "value_expiresat" + billing_type : "value_billingtype" +project_location_environment: + name : "value_name" + parent : "value_parent" + uuid : "value_uuid" + state : "value_state" + create_time : "value_createtime" + update_time : 
"value_updatetime"
\ No newline at end of file
diff --git a/docs/resources/google_composer_project_location_environment.md b/docs/resources/google_composer_project_location_environment.md
new file mode 100644
index 000000000..fec74bbc0
--- /dev/null
+++ b/docs/resources/google_composer_project_location_environment.md
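Review bot: The `organization:` block is regenerated and a `vpn_gateway:` block is added in this hunk, although the commit subject scopes the change to the composer `project_location_environment` resource; these look like generator side effects and are better reviewed in their own commit. The new `project_location_environment` entries are placeholders such as `parent : "value_parent"`, while the documentation added in this patch gives the name form `projects/{projectId}/locations/{locationId}/environments/{environmentId}`, so the integration control presumably cannot resolve a real environment from them. A comment above the block would make that explicit, e.g. `# placeholder values: set parent to projects/<project>/locations/<location> before running the integration suite`. If `vpn_gateway:` is already defined in a part of the file outside this hunk, most YAML loaders will silently keep only the last definition, so that is worth checking.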
@@ -0,0 +1,262 @@
+---
+title: About the google_composer_project_location_environment resource
+platform: gcp
+---
+
+## Syntax
+A `google_composer_project_location_environment` is used to test a Google ProjectLocationEnvironment resource
+
+## Examples
+```
+describe google_composer_project_location_environment(name: ' value_name') do
+ it { should exist }
+ its('name') { should cmp 'value_name' }
+ its('uuid') { should cmp 'value_uuid' }
+ its('state') { should cmp 'value_state' }
+ its('create_time') { should cmp 'value_createtime' }
+ its('update_time') { should cmp 'value_updatetime' }
+
+end
+
+describe google_composer_project_location_environment(name: "does_not_exit") do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_composer_project_location_environment` resource:
+
+
+ * `name`: The resource name of the environment, in the form: "projects/{projectId}/locations/{locationId}/environments/{environmentId}" EnvironmentId must start with a lowercase letter followed by up to 63 lowercase letters, numbers, or hyphens, and cannot end with a hyphen.
+
+ * `config`: Configuration information for an environment.
+
+ * `gke_cluster`: Output only. The Kubernetes Engine cluster used to run this environment.
+
+ * `dag_gcs_prefix`: Output only. The Cloud Storage prefix of the DAGs for this environment. Although Cloud Storage objects reside in a flat namespace, a hierarchical file tree can be simulated using "/"-delimited object name prefixes. DAG objects for this environment reside in a simulated directory with the given prefix.
+
+ * `node_count`: The number of nodes in the Kubernetes Engine cluster that will be used to run this environment. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.
+
+ * `software_config`: Specifies the selection and configuration of software inside the environment.
+ + * `image_version`: The version of the software running in the environment. This encapsulates both the version of Cloud Composer functionality and the version of Apache Airflow. It must match the regular expression `composer-([0-9]+(\.[0-9]+\.[0-9]+(-preview\.[0-9]+)?)?|latest)-airflow-([0-9]+(\.[0-9]+(\.[0-9]+)?)?)`. When used as input, the server also checks if the provided version is supported and denies the request for an unsupported version. The Cloud Composer portion of the image version is a full [semantic version](https://semver.org), or an alias in the form of major version number or `latest`. When an alias is provided, the server replaces it with the current Cloud Composer version that satisfies the alias. The Apache Airflow portion of the image version is a full semantic version that points to one of the supported Apache Airflow versions, or an alias in the form of only major or major.minor versions specified. When an alias is provided, the server replaces it with the latest Apache Airflow version that satisfies the alias and is supported in the given Cloud Composer version. In all cases, the resolved image version is stored in the same field. See also [version list](/composer/docs/concepts/versioning/composer-versions) and [versioning overview](/composer/docs/concepts/versioning/composer-versioning-overview). + + * `airflow_config_overrides`: Optional. Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example "core-dags_are_paused_at_creation". Section names must not contain hyphens ("-"), opening square brackets ("["), or closing square brackets ("]"). The property name must not be empty and must not contain an equals sign ("=") or semicolon (";"). Section and property names must not contain a period ("."). Apache Airflow configuration property names must be written in [snake_case](https://en.wikipedia.org/wiki/Snake_case). 
Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are [blocked](/composer/docs/concepts/airflow-configurations), and cannot be overridden. + + * `additional_properties`: + + * `pypi_packages`: Optional. Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name such as "numpy" and values are the lowercase extras and version specifier such as "==1.12.0", "[devel,gcp_api]", or "[devel]>=1.8.2, <1.9.2". To specify a package without pinning it to a version specifier, use the empty string as the value. + + * `additional_properties`: + + * `env_variables`: Optional. Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression `a-zA-Z_*`. They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression `AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+`), and they cannot match any of the following reserved names: * `AIRFLOW_HOME` * `C_FORCE_ROOT` * `CONTAINER_NAME` * `DAGS_FOLDER` * `GCP_PROJECT` * `GCS_BUCKET` * `GKE_CLUSTER_NAME` * `SQL_DATABASE` * `SQL_INSTANCE` * `SQL_PASSWORD` * `SQL_PROJECT` * `SQL_REGION` * `SQL_USER` + + * `additional_properties`: + + * `python_version`: Optional. The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '3'. Cannot be updated. This field is only supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3. + + * `scheduler_count`: Optional. The number of schedulers for Airflow. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-2.*.*. 
+ + * `node_config`: The configuration information for the Kubernetes Engine nodes running the Apache Airflow software. + + * `location`: Optional. The Compute Engine [zone](/compute/docs/regions-zones) in which to deploy the VMs used to run the Apache Airflow software, specified as a [relative resource name](/apis/design/resource_names#relative_resource_name). For example: "projects/{projectId}/zones/{zoneId}". This `location` must belong to the enclosing environment's project and location. If both this field and `nodeConfig.machineType` are specified, `nodeConfig.machineType` must belong to this `location`; if both are unspecified, the service will pick a zone in the Compute Engine region corresponding to the Cloud Composer location, and propagate that choice to both fields. If only one field (`location` or `nodeConfig.machineType`) is specified, the location information from the specified field will be propagated to the unspecified field. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `machine_type`: Optional. The Compute Engine [machine type](/compute/docs/machine-types) used for cluster instances, specified as a [relative resource name](/apis/design/resource_names#relative_resource_name). For example: "projects/{projectId}/zones/{zoneId}/machineTypes/{machineTypeId}". The `machineType` must belong to the enclosing environment's project and location. If both this field and `nodeConfig.location` are specified, this `machineType` must belong to the `nodeConfig.location`; if both are unspecified, the service will pick a zone in the Compute Engine region corresponding to the Cloud Composer location, and propagate that choice to both fields. If exactly one of this field and `nodeConfig.location` is specified, the location information from the specified field will be propagated to the unspecified field. The `machineTypeId` must not be a [shared-core machine type](/compute/docs/machine-types#sharedcore). 
If this field is unspecified, the `machineTypeId` defaults to "n1-standard-1". This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `network`: Optional. The Compute Engine network to be used for machine communications, specified as a [relative resource name](/apis/design/resource_names#relative_resource_name). For example: "projects/{projectId}/global/networks/{networkId}". If unspecified, the "default" network ID in the environment's project is used. If a [Custom Subnet Network](/vpc/docs/vpc#vpc_networks_and_subnets) is provided, `nodeConfig.subnetwork` must also be provided. For [Shared VPC](/vpc/docs/shared-vpc) subnetwork requirements, see `nodeConfig.subnetwork`. + + * `subnetwork`: Optional. The Compute Engine subnetwork to be used for machine communications, specified as a [relative resource name](/apis/design/resource_names#relative_resource_name). For example: "projects/{projectId}/regions/{regionId}/subnetworks/{subnetworkId}" If a subnetwork is provided, `nodeConfig.network` must also be provided, and the subnetwork must belong to the enclosing environment's project and location. + + * `disk_size_gb`: Optional. The disk size in GB used for node VMs. Minimum size is 30GB. If unspecified, defaults to 100GB. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `oauth_scopes`: Optional. The set of Google API scopes to be made available on all node VMs. If `oauth_scopes` is empty, defaults to ["https://www.googleapis.com/auth/cloud-platform"]. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `service_account`: Optional. The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the "default" Compute Engine service account is used. Cannot be updated. + + * `tags`: Optional. 
The list of instance tags applied to all node VMs. Tags are used to identify valid sources or targets for network firewalls. Each tag within the list must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). Cannot be updated. + + * `ip_allocation_policy`: Configuration for controlling how IPs are allocated in the GKE cluster running the Apache Airflow software. + + * `use_ip_aliases`: Optional. Whether or not to enable Alias IPs in the GKE cluster. If `true`, a VPC-native cluster is created. This field is only supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use VPC-native GKE clusters. + + * `cluster_secondary_range_name`: Optional. The name of the GKE cluster's secondary range used to allocate IP addresses to pods. For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when `use_ip_aliases` is true. + + * `cluster_ipv4_cidr_block`: Optional. The IP address range used to allocate IP addresses to pods in the GKE cluster. For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when `use_ip_aliases` is true. Set to blank to have GKE choose a range with the default size. Set to /netmask (e.g. `/14`) to have GKE choose a range with a specific netmask. Set to a [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g. `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range to use. + + * `services_secondary_range_name`: Optional. The name of the services' secondary range used to allocate IP addresses to the GKE cluster. For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when `use_ip_aliases` is true. + + * `services_ipv4_cidr_block`: Optional. The IP address range of the services IP addresses in this GKE cluster. 
For Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*, this field is applicable only when `use_ip_aliases` is true. Set to blank to have GKE choose a range with the default size. Set to /netmask (e.g. `/14`) to have GKE choose a range with a specific netmask. Set to a [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g. `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range to use. + + * `enable_ip_masq_agent`: Optional. Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent + + * `private_environment_config`: The configuration information for configuring a Private IP Cloud Composer environment. + + * `enable_private_environment`: Optional. If `true`, a Private IP Cloud Composer environment is created. If this field is set to true, `IPAllocationPolicy.use_ip_aliases` must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `private_cluster_config`: Configuration options for the private GKE cluster in a Cloud Composer environment. + + * `enable_private_endpoint`: Optional. If `true`, access to the public endpoint of the GKE cluster is denied. + + * `master_ipv4_cidr_block`: Optional. The CIDR block from which IPv4 range for GKE master will be reserved. If left blank, the default value of '172.16.0.0/23' is used. + + * `master_ipv4_reserved_range`: Output only. The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the GKE cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. 
+ + * `web_server_ipv4_cidr_block`: Optional. The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from `private_cluster_config.master_ipv4_cidr_block` and `cloud_sql_ipv4_cidr_block`. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `cloud_sql_ipv4_cidr_block`: Optional. The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from `web_server_ipv4_cidr_block`. + + * `web_server_ipv4_reserved_range`: Output only. The IP range reserved for the tenant project's App Engine VMs. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `cloud_composer_network_ipv4_cidr_block`: Optional. The CIDR block from which IP range for Cloud Composer Network in tenant project will be reserved. Needs to be disjoint from private_cluster_config.master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer. + + * `cloud_composer_network_ipv4_reserved_range`: Output only. The IP range reserved for the tenant project's Cloud Composer network. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer. + + * `enable_privately_used_public_ips`: Optional. When enabled, IPs from public (non-RFC1918) ranges can be used for `IPAllocationPolicy.cluster_ipv4_cidr_block` and `IPAllocationPolicy.service_ipv4_cidr_block`. + + * `cloud_composer_connection_subnetwork`: Optional. When specified, the environment will use Private Service Connect instead of VPC peerings to connect to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP address from this subnetwork. + + * `networking_config`: Configuration options for networking connections in the Composer 2 environment. + + * `connection_type`: Optional. 
Indicates the user requested specifc connection type between Tenant and Customer projects. You cannot set networking connection type in public IP environment. + Possible values: + * CONNECTION_TYPE_UNSPECIFIED + * VPC_PEERING + * PRIVATE_SERVICE_CONNECT + + * `web_server_network_access_control`: Network-level access control policy for the Airflow web server. + + * `allowed_ip_ranges`: A collection of allowed IP ranges with descriptions. + + * `value`: IP address or range, defined using CIDR notation, of requests that this rule applies to. Examples: `192.168.1.1` or `192.168.0.0/16` or `2001:db8::/32` or `2001:0db8:0000:0042:0000:8a2e:0370:7334`. IP range prefixes should be properly truncated. For example, `1.2.3.4/24` should be truncated to `1.2.3.0/24`. Similarly, for IPv6, `2001:db8::1/32` should be truncated to `2001:db8::/32`. + + * `description`: Optional. User-provided description. It must contain at most 300 characters. + + * `database_config`: The configuration of Cloud SQL instance that is used by the Apache Airflow software. + + * `machine_type`: Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. If not specified, db-n1-standard-2 will be used. Supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `zone`: Optional. The Compute Engine zone where the Airflow database is created. If zone is provided, it must be in the region selected for the environment. If zone is not provided, a zone is automatically selected. The zone can only be set during environment creation. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.*. + + * `web_server_config`: The configuration settings for the Airflow web server App Engine instance. Supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.* + + * `machine_type`: Optional. Machine type on which Airflow web server is running. 
It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or composer-n1-webserver-8. If not specified, composer-n1-webserver-2 will be used. Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values. + + * `encryption_config`: The encryption options for the Cloud Composer environment and its dependencies.Supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. + + * `kms_key_name`: Optional. Customer-managed Encryption Key available through Google's Key Management Service. Cannot be updated. If not specified, Google-managed key will be used. + + * `maintenance_window`: The configuration settings for Cloud Composer maintenance window. The following example: ``` { "startTime":"2019-08-01T01:00:00Z" "endTime":"2019-08-01T07:00:00Z" "recurrence":"FREQ=WEEKLY;BYDAY=TU,WE" } ``` would define a maintenance window between 01 and 07 hours UTC during each Tuesday and Wednesday. + + * `start_time`: Required. Start time of the first recurrence of the maintenance window. + + * `end_time`: Required. Maintenance window end time. It is used only to calculate the duration of the maintenance window. The value for end-time must be in the future, relative to `start_time`. + + * `recurrence`: Required. Maintenance window recurrence. Format is a subset of [RFC-5545](https://tools.ietf.org/html/rfc5545) `RRULE`. The only allowed values for `FREQ` field are `FREQ=DAILY` and `FREQ=WEEKLY;BYDAY=...` Example values: `FREQ=WEEKLY;BYDAY=TU,WE`, `FREQ=DAILY`. + + * `workloads_config`: The Kubernetes workloads configuration for GKE cluster associated with the Cloud Composer environment. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer. + + * `scheduler`: Configuration for resources used by Airflow schedulers. + + * `cpu`: Optional. CPU request and limit for a single Airflow scheduler replica. + + * `memory_gb`: Optional. 
Memory (GB) request and limit for a single Airflow scheduler replica. + + * `storage_gb`: Optional. Storage (GB) request and limit for a single Airflow scheduler replica. + + * `count`: Optional. The number of schedulers. + + * `web_server`: Configuration for resources used by Airflow web server. + + * `cpu`: Optional. CPU request and limit for Airflow web server. + + * `memory_gb`: Optional. Memory (GB) request and limit for Airflow web server. + + * `storage_gb`: Optional. Storage (GB) request and limit for Airflow web server. + + * `worker`: Configuration for resources used by Airflow workers. + + * `cpu`: Optional. CPU request and limit for a single Airflow worker replica. + + * `memory_gb`: Optional. Memory (GB) request and limit for a single Airflow worker replica. + + * `storage_gb`: Optional. Storage (GB) request and limit for a single Airflow worker replica. + + * `min_count`: Optional. Minimum number of workers for autoscaling. + + * `max_count`: Optional. Maximum number of workers for autoscaling. + + * `triggerer`: Configuration for resources used by Airflow triggerers. + + * `count`: Optional. The number of triggerers. + + * `cpu`: Optional. CPU request and limit for a single Airflow triggerer replica. + + * `memory_gb`: Optional. Memory (GB) request and limit for a single Airflow triggerer replica. + + * `environment_size`: Optional. The size of the Cloud Composer environment. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer. + Possible values: + * ENVIRONMENT_SIZE_UNSPECIFIED + * ENVIRONMENT_SIZE_SMALL + * ENVIRONMENT_SIZE_MEDIUM + * ENVIRONMENT_SIZE_LARGE + + * `airflow_uri`: Output only. The URI of the Apache Airflow Web UI hosted within this environment (see [Airflow web interface](/composer/docs/how-to/accessing/airflow-web-interface)). + + * `airflow_byoid_uri`: Output only. 
The 'bring your own identity' variant of the URI of the Apache Airflow Web UI hosted within this environment, to be accessed with external identities using workforce identity federation (see [Access environments with workforce identity federation](/composer/docs/composer-2/access-environments-with-workforce-identity-federation)). + + * `master_authorized_networks_config`: Configuration options for the master authorized networks feature. Enabled master authorized networks will disallow all external traffic to access Kubernetes master through HTTPS except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs. + + * `enabled`: Whether or not master authorized networks feature is enabled. + + * `cidr_blocks`: Up to 50 external networks that could access Kubernetes master through HTTPS. + + * `display_name`: User-defined name that identifies the CIDR block. + + * `cidr_block`: CIDR block that must be specified in CIDR notation. + + * `recovery_config`: The Recovery settings of an environment. + + * `scheduled_snapshots_config`: The configuration for scheduled snapshot creation mechanism. + + * `enabled`: Optional. Whether scheduled snapshots creation is enabled. + + * `snapshot_location`: Optional. The Cloud Storage location for storing automatically created snapshots. + + * `snapshot_creation_schedule`: Optional. The cron expression representing the time when snapshots creation mechanism runs. This field is subject to additional validation around frequency of execution. + + * `time_zone`: Optional. Time zone that sets the context to interpret snapshot_creation_schedule. + + * `resilience_mode`: Optional. Resilience mode of the Cloud Composer Environment. This field is supported for Cloud Composer environments in versions composer-2.2.0-airflow-*.*.* and newer. + Possible values: + * RESILIENCE_MODE_UNSPECIFIED + * HIGH_RESILIENCE + + * `uuid`: Output only. The UUID (Universally Unique IDentifier) associated with this environment. 
This value is generated when the environment is created. + + * `state`: The current state of the environment. + Possible values: + * STATE_UNSPECIFIED + * CREATING + * RUNNING + * UPDATING + * DELETING + * ERROR + + * `create_time`: Output only. The time at which this environment was created. + + * `update_time`: Output only. The time at which this environment was last modified. + + * `labels`: Optional. User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: * Keys must conform to regexp: \p{Ll}\p{Lo}{0,62} * Values must conform to regexp: [\p{Ll}\p{Lo}\p{N}_-]{0,63} * Both keys and values are additionally constrained to be <= 128 bytes in size. + + * `additional_properties`: + + * `satisfies_pzs`: Output only. Reserved for future use. + + * `storage_config`: The configuration for data storage in the environment. + + * `bucket`: Optional. The name of the Cloud Storage bucket used by the environment. No `gs://` prefix. + + +## GCP Permissions + +Ensure the [https://composer.googleapis.com/](https://console.cloud.google.com/apis/library/composer.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_composer_project_location_environments.md b/docs/resources/google_composer_project_location_environments.md new file mode 100644 index 000000000..a14578e87 --- /dev/null +++ b/docs/resources/google_composer_project_location_environments.md 
@@ -0,0 +1,36 @@ +--- +title: About the google_composer_project_location_environments resource +platform: gcp +--- + +## Syntax +A `google_composer_project_location_environments` is used to test a Google ProjectLocationEnvironment resource + +## Examples +``` + describe google_composer_project_location_environments(parent: ' value_parent') do + it { should exist } + end +``` + +## Properties +Properties that can be accessed from the `google_composer_project_location_environments` resource: + +See [google_composer_project_location_environment.md](google_composer_project_location_environment.md) for more detailed information + * `names`: an array of `google_composer_project_location_environment` name + * `configs`: an array of `google_composer_project_location_environment` config + * `uuids`: an array of `google_composer_project_location_environment` uuid + * `states`: an array of `google_composer_project_location_environment` state + * `create_times`: an array of `google_composer_project_location_environment` create_time + * `update_times`: an array of `google_composer_project_location_environment` update_time + * `labels`: an array of `google_composer_project_location_environment` labels + * `satisfies_pzs`: an array of `google_composer_project_location_environment` satisfies_pzs + * `storage_configs`: an array of `google_composer_project_location_environment` storage_config + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [https://composer.googleapis.com/](https://console.cloud.google.com/apis/library/composer.googleapis.com/) is enabled for the current project. diff --git a/libraries/google/composer/property/projectlocationenvironment_config.rb b/libraries/google/composer/property/projectlocationenvironment_config.rb new file mode 100644 index 000000000..728bbb763 --- /dev/null 
+++ b/libraries/google/composer/property/projectlocationenvironment_config.rb 
@@ -0,0 +1,109 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_database_config' +require 'google/composer/property/projectlocationenvironment_config_encryption_config' +require 'google/composer/property/projectlocationenvironment_config_maintenance_window' +require 'google/composer/property/projectlocationenvironment_config_master_authorized_networks_config' +require 'google/composer/property/projectlocationenvironment_config_master_authorized_networks_config_cidr_blocks' +require 'google/composer/property/projectlocationenvironment_config_node_config' +require 'google/composer/property/projectlocationenvironment_config_node_config_ip_allocation_policy' +require 'google/composer/property/projectlocationenvironment_config_private_environment_config' +require 'google/composer/property/projectlocationenvironment_config_private_environment_config_networking_config' +require 'google/composer/property/projectlocationenvironment_config_private_environment_config_private_cluster_config' +require 'google/composer/property/projectlocationenvironment_config_recovery_config' +require 'google/composer/property/projectlocationenvironment_config_recovery_config_scheduled_snapshots_config' +require 'google/composer/property/projectlocationenvironment_config_software_config' +require 'google/composer/property/projectlocationenvironment_config_software_config_airflow_config_overrides' 
+require 'google/composer/property/projectlocationenvironment_config_software_config_env_variables' +require 'google/composer/property/projectlocationenvironment_config_software_config_pypi_packages' +require 'google/composer/property/projectlocationenvironment_config_web_server_config' +require 'google/composer/property/projectlocationenvironment_config_web_server_network_access_control' +require 'google/composer/property/projectlocationenvironment_config_web_server_network_access_control_allowed_ip_ranges' +require 'google/composer/property/projectlocationenvironment_config_workloads_config' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_scheduler' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_triggerer' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_web_server' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_worker' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfig + attr_reader :gke_cluster + + attr_reader :dag_gcs_prefix + + attr_reader :node_count + + attr_reader :software_config + + attr_reader :node_config + + attr_reader :private_environment_config + + attr_reader :web_server_network_access_control + + attr_reader :database_config + + attr_reader :web_server_config + + attr_reader :encryption_config + + attr_reader :maintenance_window + + attr_reader :workloads_config + + attr_reader :environment_size + + attr_reader :airflow_uri + + attr_reader :airflow_byoid_uri + + attr_reader :master_authorized_networks_config + + attr_reader :recovery_config + + attr_reader :resilience_mode + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? 
+ @parent_identifier = parent_identifier + @gke_cluster = args['gkeCluster'] + @dag_gcs_prefix = args['dagGcsPrefix'] + @node_count = args['nodeCount'] + @software_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigSoftwareConfig.new(args['softwareConfig'], to_s) + @node_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigNodeConfig.new(args['nodeConfig'], to_s) + @private_environment_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigPrivateEnvironmentConfig.new(args['privateEnvironmentConfig'], to_s) + @web_server_network_access_control = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWebServerNetworkAccessControl.new(args['webServerNetworkAccessControl'], to_s) + @database_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigDatabaseConfig.new(args['databaseConfig'], to_s) + @web_server_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWebServerConfig.new(args['webServerConfig'], to_s) + @encryption_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigEncryptionConfig.new(args['encryptionConfig'], to_s) + @maintenance_window = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigMaintenanceWindow.new(args['maintenanceWindow'], to_s) + @workloads_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWorkloadsConfig.new(args['workloadsConfig'], to_s) + @environment_size = args['environmentSize'] + @airflow_uri = args['airflowUri'] + @airflow_byoid_uri = args['airflowByoidUri'] + @master_authorized_networks_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfig.new(args['masterAuthorizedNetworksConfig'], to_s) + @recovery_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigRecoveryConfig.new(args['recoveryConfig'], to_s) + @resilience_mode = args['resilienceMode'] + end + + def to_s + 
"#{@parent_identifier} ProjectLocationEnvironmentConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_database_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_database_config.rb new file mode 100644 index 000000000..3bd003dcc --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_database_config.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigDatabaseConfig + attr_reader :machine_type + + attr_reader :zone + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @machine_type = args['machineType'] + @zone = args['zone'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigDatabaseConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_encryption_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_encryption_config.rb new file mode 100644 index 000000000..b9b5bbb10 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_encryption_config.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigEncryptionConfig + attr_reader :kms_key_name + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @kms_key_name = args['kmsKeyName'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigEncryptionConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_maintenance_window.rb b/libraries/google/composer/property/projectlocationenvironment_config_maintenance_window.rb new file mode 100644 index 000000000..71bbeabb9 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_maintenance_window.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigMaintenanceWindow + attr_reader :start_time + + attr_reader :end_time + + attr_reader :recurrence + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @start_time = args['startTime'] + @end_time = args['endTime'] + @recurrence = args['recurrence'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigMaintenanceWindow" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config.rb new file mode 100644 index 000000000..4da07486a --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config.rb 
@@ -0,0 +1,38 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_master_authorized_networks_config_cidr_blocks' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfig + attr_reader :enabled + + attr_reader :cidr_blocks + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @enabled = args['enabled'] + @cidr_blocks = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfigCidrBlocksArray.parse(args['cidrBlocks'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config_cidr_blocks.rb b/libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config_cidr_blocks.rb new file mode 100644 index 000000000..2de397e69 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_master_authorized_networks_config_cidr_blocks.rb 
@@ -0,0 +1,45 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfigCidrBlocks + attr_reader :display_name + + attr_reader :cidr_block + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @display_name = args['displayName'] + @cidr_block = args['cidrBlock'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfigCidrBlocks" + end + end + + class ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfigCidrBlocksArray + def self.parse(value, parent_identifier) + return if value.nil? + return ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfigCidrBlocks.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| ProjectLocationEnvironmentConfigMasterAuthorizedNetworksConfigCidrBlocks.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_node_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_node_config.rb new file mode 100644 index 000000000..6d5a6a773 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_node_config.rb 
@@ -0,0 +1,62 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_node_config_ip_allocation_policy' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigNodeConfig + attr_reader :location + + attr_reader :machine_type + + attr_reader :network + + attr_reader :subnetwork + + attr_reader :disk_size_gb + + attr_reader :oauth_scopes + + attr_reader :service_account + + attr_reader :tags + + attr_reader :ip_allocation_policy + + attr_reader :enable_ip_masq_agent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @location = args['location'] + @machine_type = args['machineType'] + @network = args['network'] + @subnetwork = args['subnetwork'] + @disk_size_gb = args['diskSizeGb'] + @oauth_scopes = args['oauthScopes'] + @service_account = args['serviceAccount'] + @tags = args['tags'] + @ip_allocation_policy = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigNodeConfigIpAllocationPolicy.new(args['ipAllocationPolicy'], to_s) + @enable_ip_masq_agent = args['enableIpMasqAgent'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigNodeConfig" + end + end + end + end +end 
diff --git a/libraries/google/composer/property/projectlocationenvironment_config_node_config_ip_allocation_policy.rb b/libraries/google/composer/property/projectlocationenvironment_config_node_config_ip_allocation_policy.rb new file mode 100644 index 000000000..45c01c746 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_node_config_ip_allocation_policy.rb @@ -0,0 +1,46 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigNodeConfigIpAllocationPolicy + attr_reader :use_ip_aliases + + attr_reader :cluster_secondary_range_name + + attr_reader :cluster_ipv4_cidr_block + + attr_reader :services_secondary_range_name + + attr_reader :services_ipv4_cidr_block + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @use_ip_aliases = args['useIpAliases'] + @cluster_secondary_range_name = args['clusterSecondaryRangeName'] + @cluster_ipv4_cidr_block = args['clusterIpv4CidrBlock'] + @services_secondary_range_name = args['servicesSecondaryRangeName'] + @services_ipv4_cidr_block = args['servicesIpv4CidrBlock'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigNodeConfigIpAllocationPolicy" + end + end + end + end +end 
diff --git a/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config.rb new file mode 100644 index 000000000..7e2f54162 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config.rb 
@@ -0,0 +1,63 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_private_environment_config_networking_config' +require 'google/composer/property/projectlocationenvironment_config_private_environment_config_private_cluster_config' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigPrivateEnvironmentConfig + attr_reader :enable_private_environment + + attr_reader :private_cluster_config + + attr_reader :web_server_ipv4_cidr_block + + attr_reader :cloud_sql_ipv4_cidr_block + + attr_reader :web_server_ipv4_reserved_range + + attr_reader :cloud_composer_network_ipv4_cidr_block + + attr_reader :cloud_composer_network_ipv4_reserved_range + + attr_reader :enable_privately_used_public_ips + + attr_reader :cloud_composer_connection_subnetwork + + attr_reader :networking_config + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? 
+ @parent_identifier = parent_identifier + @enable_private_environment = args['enablePrivateEnvironment'] + @private_cluster_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigPrivateEnvironmentConfigPrivateClusterConfig.new(args['privateClusterConfig'], to_s) + @web_server_ipv4_cidr_block = args['webServerIpv4CidrBlock'] + @cloud_sql_ipv4_cidr_block = args['cloudSqlIpv4CidrBlock'] + @web_server_ipv4_reserved_range = args['webServerIpv4ReservedRange'] + @cloud_composer_network_ipv4_cidr_block = args['cloudComposerNetworkIpv4CidrBlock'] + @cloud_composer_network_ipv4_reserved_range = args['cloudComposerNetworkIpv4ReservedRange'] + @enable_privately_used_public_ips = args['enablePrivatelyUsedPublicIps'] + @cloud_composer_connection_subnetwork = args['cloudComposerConnectionSubnetwork'] + @networking_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigPrivateEnvironmentConfigNetworkingConfig.new(args['networkingConfig'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigPrivateEnvironmentConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_networking_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_networking_config.rb new file mode 100644 index 000000000..ec6076c2f --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_networking_config.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigPrivateEnvironmentConfigNetworkingConfig + attr_reader :connection_type + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @connection_type = args['connectionType'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigPrivateEnvironmentConfigNetworkingConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_private_cluster_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_private_cluster_config.rb new file mode 100644 index 000000000..bef1a4f08 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_private_environment_config_private_cluster_config.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigPrivateEnvironmentConfigPrivateClusterConfig + attr_reader :enable_private_endpoint + + attr_reader :master_ipv4_cidr_block + + attr_reader :master_ipv4_reserved_range + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @enable_private_endpoint = args['enablePrivateEndpoint'] + @master_ipv4_cidr_block = args['masterIpv4CidrBlock'] + @master_ipv4_reserved_range = args['masterIpv4ReservedRange'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigPrivateEnvironmentConfigPrivateClusterConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_recovery_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_recovery_config.rb new file mode 100644 index 000000000..a0a60f360 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_recovery_config.rb 
@@ -0,0 +1,35 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_recovery_config_scheduled_snapshots_config' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigRecoveryConfig + attr_reader :scheduled_snapshots_config + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @scheduled_snapshots_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigRecoveryConfigScheduledSnapshotsConfig.new(args['scheduledSnapshotsConfig'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigRecoveryConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_recovery_config_scheduled_snapshots_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_recovery_config_scheduled_snapshots_config.rb new file mode 100644 index 000000000..2d21d1ae3 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_recovery_config_scheduled_snapshots_config.rb 
@@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigRecoveryConfigScheduledSnapshotsConfig + attr_reader :enabled + + attr_reader :snapshot_location + + attr_reader :snapshot_creation_schedule + + attr_reader :time_zone + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @enabled = args['enabled'] + @snapshot_location = args['snapshotLocation'] + @snapshot_creation_schedule = args['snapshotCreationSchedule'] + @time_zone = args['timeZone'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigRecoveryConfigScheduledSnapshotsConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_software_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_software_config.rb new file mode 100644 index 000000000..32bbf91a9 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_software_config.rb 
@@ -0,0 +1,52 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_software_config_airflow_config_overrides' +require 'google/composer/property/projectlocationenvironment_config_software_config_env_variables' +require 'google/composer/property/projectlocationenvironment_config_software_config_pypi_packages' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigSoftwareConfig + attr_reader :image_version + + attr_reader :airflow_config_overrides + + attr_reader :pypi_packages + + attr_reader :env_variables + + attr_reader :python_version + + attr_reader :scheduler_count + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? 
+ @parent_identifier = parent_identifier + @image_version = args['imageVersion'] + @airflow_config_overrides = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigSoftwareConfigAirflowConfigOverrides.new(args['airflowConfigOverrides'], to_s) + @pypi_packages = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigSoftwareConfigPypiPackages.new(args['pypiPackages'], to_s) + @env_variables = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigSoftwareConfigEnvVariables.new(args['envVariables'], to_s) + @python_version = args['pythonVersion'] + @scheduler_count = args['schedulerCount'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigSoftwareConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_software_config_airflow_config_overrides.rb b/libraries/google/composer/property/projectlocationenvironment_config_software_config_airflow_config_overrides.rb new file mode 100644 index 000000000..0cfa1d9ab --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_software_config_airflow_config_overrides.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigSoftwareConfigAirflowConfigOverrides + attr_reader :additional_properties + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @additional_properties = args['additionalProperties'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigSoftwareConfigAirflowConfigOverrides" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_software_config_env_variables.rb b/libraries/google/composer/property/projectlocationenvironment_config_software_config_env_variables.rb new file mode 100644 index 000000000..76458dc48 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_software_config_env_variables.rb 
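Review bot: `@additional_properties = args['additionalProperties']` will most likely always be nil, because the Composer API, as far as I know, returns `airflowConfigOverrides` as a plain string-to-string map rather than an object with an `additionalProperties` member (the name looks carried over from the discovery-schema keyword). The same line appears in the env_variables, pypi_packages and labels property classes later in this patch. A compliance control that asserts on Airflow overrides, environment variables or installed PyPI packages would then compare against nil and could not see what is actually configured. This is worth confirming against a live response; if the map is returned directly, keeping the hash itself, e.g. `@additional_properties = args`, would make it testable. Since the file is generated, the fix probably belongs in the generator template.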
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigSoftwareConfigEnvVariables + attr_reader :additional_properties + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @additional_properties = args['additionalProperties'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigSoftwareConfigEnvVariables" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_software_config_pypi_packages.rb b/libraries/google/composer/property/projectlocationenvironment_config_software_config_pypi_packages.rb new file mode 100644 index 000000000..879265b0b --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_software_config_pypi_packages.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigSoftwareConfigPypiPackages + attr_reader :additional_properties + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @additional_properties = args['additionalProperties'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigSoftwareConfigPypiPackages" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_web_server_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_web_server_config.rb new file mode 100644 index 000000000..f11e520c2 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_web_server_config.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWebServerConfig + attr_reader :machine_type + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @machine_type = args['machineType'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWebServerConfig" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control.rb b/libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control.rb new file mode 100644 index 000000000..792e0be66 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control.rb 
@@ -0,0 +1,35 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_web_server_network_access_control_allowed_ip_ranges' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWebServerNetworkAccessControl + attr_reader :allowed_ip_ranges + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @allowed_ip_ranges = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWebServerNetworkAccessControlAllowedIpRangesArray.parse(args['allowedIpRanges'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWebServerNetworkAccessControl" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control_allowed_ip_ranges.rb b/libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control_allowed_ip_ranges.rb new file mode 100644 index 000000000..f7afee094 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_web_server_network_access_control_allowed_ip_ranges.rb 
@@ -0,0 +1,45 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWebServerNetworkAccessControlAllowedIpRanges + attr_reader :value + + attr_reader :description + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @value = args['value'] + @description = args['description'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWebServerNetworkAccessControlAllowedIpRanges" + end + end + + class ProjectLocationEnvironmentConfigWebServerNetworkAccessControlAllowedIpRangesArray + def self.parse(value, parent_identifier) + return if value.nil? + return ProjectLocationEnvironmentConfigWebServerNetworkAccessControlAllowedIpRanges.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| ProjectLocationEnvironmentConfigWebServerNetworkAccessControlAllowedIpRanges.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_workloads_config.rb b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config.rb new file mode 100644 index 000000000..f9740deae --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config.rb 
@@ -0,0 +1,47 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/composer/property/projectlocationenvironment_config_workloads_config_scheduler' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_triggerer' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_web_server' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_worker' +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWorkloadsConfig + attr_reader :scheduler + + attr_reader :web_server + + attr_reader :worker + + attr_reader :triggerer + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @scheduler = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWorkloadsConfigScheduler.new(args['scheduler'], to_s) + @web_server = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWorkloadsConfigWebServer.new(args['webServer'], to_s) + @worker = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWorkloadsConfigWorker.new(args['worker'], to_s) + @triggerer = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfigWorkloadsConfigTriggerer.new(args['triggerer'], to_s) + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWorkloadsConfig" + end + end + end + end +end 
diff --git a/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_scheduler.rb b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_scheduler.rb new file mode 100644 index 000000000..40b2f1eaa --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_scheduler.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWorkloadsConfigScheduler + attr_reader :cpu + + attr_reader :memory_gb + + attr_reader :storage_gb + + attr_reader :count + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @cpu = args['cpu'] + @memory_gb = args['memoryGb'] + @storage_gb = args['storageGb'] + @count = args['count'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWorkloadsConfigScheduler" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_triggerer.rb b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_triggerer.rb new file mode 100644 index 000000000..dec87cc6a --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_triggerer.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWorkloadsConfigTriggerer + attr_reader :count + + attr_reader :cpu + + attr_reader :memory_gb + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @count = args['count'] + @cpu = args['cpu'] + @memory_gb = args['memoryGb'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWorkloadsConfigTriggerer" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_web_server.rb b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_web_server.rb new file mode 100644 index 000000000..5d9b44dda --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_web_server.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWorkloadsConfigWebServer + attr_reader :cpu + + attr_reader :memory_gb + + attr_reader :storage_gb + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @cpu = args['cpu'] + @memory_gb = args['memoryGb'] + @storage_gb = args['storageGb'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWorkloadsConfigWebServer" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_worker.rb b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_worker.rb new file mode 100644 index 000000000..1560b6720 --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_config_workloads_config_worker.rb 
@@ -0,0 +1,46 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentConfigWorkloadsConfigWorker + attr_reader :cpu + + attr_reader :memory_gb + + attr_reader :storage_gb + + attr_reader :min_count + + attr_reader :max_count + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @cpu = args['cpu'] + @memory_gb = args['memoryGb'] + @storage_gb = args['storageGb'] + @min_count = args['minCount'] + @max_count = args['maxCount'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentConfigWorkloadsConfigWorker" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_labels.rb b/libraries/google/composer/property/projectlocationenvironment_labels.rb new file mode 100644 index 000000000..5da4c3f7c --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_labels.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentLabels + attr_reader :additional_properties + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @additional_properties = args['additionalProperties'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentLabels" + end + end + end + end +end diff --git a/libraries/google/composer/property/projectlocationenvironment_storage_config.rb b/libraries/google/composer/property/projectlocationenvironment_storage_config.rb new file mode 100644 index 000000000..ff019714e --- /dev/null +++ b/libraries/google/composer/property/projectlocationenvironment_storage_config.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Composer + module Property + class ProjectLocationEnvironmentStorageConfig + attr_reader :bucket + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @bucket = args['bucket'] + end + + def to_s + "#{@parent_identifier} ProjectLocationEnvironmentStorageConfig" + end + end + end + end +end diff --git a/libraries/google_composer_project_location_environment.rb b/libraries/google_composer_project_location_environment.rb new file mode 100644 index 000000000..86d24af82 --- /dev/null +++ b/libraries/google_composer_project_location_environment.rb 
@@ -0,0 +1,98 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/composer/property/projectlocationenvironment_config' +require 'google/composer/property/projectlocationenvironment_config_database_config' +require 'google/composer/property/projectlocationenvironment_config_encryption_config' +require 'google/composer/property/projectlocationenvironment_config_maintenance_window' +require 'google/composer/property/projectlocationenvironment_config_master_authorized_networks_config' +require 'google/composer/property/projectlocationenvironment_config_master_authorized_networks_config_cidr_blocks' +require 'google/composer/property/projectlocationenvironment_config_node_config' +require 'google/composer/property/projectlocationenvironment_config_node_config_ip_allocation_policy' +require 'google/composer/property/projectlocationenvironment_config_private_environment_config' +require 'google/composer/property/projectlocationenvironment_config_private_environment_config_networking_config' +require 'google/composer/property/projectlocationenvironment_config_private_environment_config_private_cluster_config' +require 'google/composer/property/projectlocationenvironment_config_recovery_config' +require 'google/composer/property/projectlocationenvironment_config_recovery_config_scheduled_snapshots_config' +require 'google/composer/property/projectlocationenvironment_config_software_config' +require 
'google/composer/property/projectlocationenvironment_config_software_config_airflow_config_overrides' +require 'google/composer/property/projectlocationenvironment_config_software_config_env_variables' +require 'google/composer/property/projectlocationenvironment_config_software_config_pypi_packages' +require 'google/composer/property/projectlocationenvironment_config_web_server_config' +require 'google/composer/property/projectlocationenvironment_config_web_server_network_access_control' +require 'google/composer/property/projectlocationenvironment_config_web_server_network_access_control_allowed_ip_ranges' +require 'google/composer/property/projectlocationenvironment_config_workloads_config' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_scheduler' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_triggerer' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_web_server' +require 'google/composer/property/projectlocationenvironment_config_workloads_config_worker' +require 'google/composer/property/projectlocationenvironment_labels' +require 'google/composer/property/projectlocationenvironment_storage_config' + +# A provider to manage composer resources. +class ComposerProjectLocationEnvironment < GcpResourceBase + name 'google_composer_project_location_environment' + desc 'ProjectLocationEnvironment' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :config + attr_reader :uuid + attr_reader :state + attr_reader :create_time + attr_reader :update_time + attr_reader :labels + attr_reader :satisfies_pzs + attr_reader :storage_config + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? 
+ end + + def parse + @name = @fetched['name'] + @config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfig.new(@fetched['config'], to_s) + @uuid = @fetched['uuid'] + @state = @fetched['state'] + @create_time = @fetched['createTime'] + @update_time = @fetched['updateTime'] + @labels = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentLabels.new(@fetched['labels'], to_s) + @satisfies_pzs = @fetched['satisfiesPzs'] + @storage_config = GoogleInSpec::Composer::Property::ProjectLocationEnvironmentStorageConfig.new(@fetched['storageConfig'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "ProjectLocationEnvironment #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'https://composer.googleapis.com//V1/' + end + + def resource_base_url + '{{name}}' + end +end diff --git a/libraries/google_composer_project_location_environments.rb b/libraries/google_composer_project_location_environments.rb new file mode 100644 index 000000000..62cba8d42 --- /dev/null +++ b/libraries/google_composer_project_location_environments.rb 
@@ -0,0 +1,95 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class ComposerProjectLocationEnvironments < GcpResourceBase + name 'google_composer_project_location_environments' + desc 'ProjectLocationEnvironment plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:configs, field: :config) + filter_table_config.add(:uuids, field: :uuid) + filter_table_config.add(:states, field: :state) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:update_times, field: :update_time) + filter_table_config.add(:labels, field: :labels) + filter_table_config.add(:satisfies_pzs, field: :satisfies_pzs) + filter_table_config.add(:storage_configs, field: :storage_config) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('projectLocationEnvironments') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { return :name, obj['name'] }, + 'config' => ->(obj) { return :config, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfig.new(obj['config'], to_s) }, + 'uuid' => ->(obj) { return :uuid, obj['uuid'] }, + 'state' => ->(obj) { return :state, obj['state'] }, + 'createTime' => ->(obj) { return :create_time, obj['createTime'] }, + 'updateTime' => ->(obj) { return :update_time, obj['updateTime'] }, + 'labels' => ->(obj) { return :labels, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentLabels.new(obj['labels'], to_s) }, + 'satisfiesPzs' => ->(obj) { return :satisfies_pzs, obj['satisfiesPzs'] }, + 'storageConfig' => ->(obj) { return :storage_config, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentStorageConfig.new(obj['storageConfig'], to_s) }, + } + end + + private + + def product_url(_ = nil) + 'https://composer.googleapis.com//V1/' + end + + def resource_base_url + '{{parent}}/environments' + end +end diff --git a/test/integration/verify/controls/google_composer_project_location_environment.rb b/test/integration/verify/controls/google_composer_project_location_environment.rb new file mode 100644 index 000000000..4de9f9d26 --- /dev/null +++ b/test/integration/verify/controls/google_composer_project_location_environment.rb 
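Review bot: `fetch_wrapped_resource('projectLocationEnvironments')` in `initialize` looks like the wrong wrapper key. To my knowledge the Composer `environments.list` response carries its items under `environments`, so `response.key?(wrap_path)` would be false for every page and the table would come back empty. With an empty table, any control that iterates over the plural resource passes without checking a single environment, which is the failure mode an audit resource should avoid. I would expect `@table = fetch_wrapped_resource('environments')`, confirmed against a real response. Separately, `return if result.nil?` leaves `@table` nil rather than `[]`; whether FilterTable tolerates that is not visible in this hunk.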
@@ -0,0 +1,44 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_composer_project_location_environment resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + project_location_environment = input('project_location_environment', value: { + "name": "value_name", + "parent": "value_parent", + "uuid": "value_uuid", + "state": "value_state", + "create_time": "value_createtime", + "update_time": "value_updatetime" +}, description: 'project_location_environment description') +control 'google_composer_project_location_environment-1.0' do + impact 1.0 + title 'google_composer_project_location_environment resource test' + + describe google_composer_project_location_environment(name: project_location_environment['name']) do + it { should exist } + its('name') { should cmp project_location_environment['name'] } + its('uuid') { should cmp project_location_environment['uuid'] } + its('state') { should cmp project_location_environment['state'] } + its('create_time') { should cmp project_location_environment['create_time'] } + its('update_time') { should cmp project_location_environment['update_time'] } + + end + + describe google_composer_project_location_environment(name: "does_not_exit") do + it { should_not exist } + end +end 
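Review bot: The default for `project_location_environment` is written with `"name": "value_name"` pairs, which Ruby parses as symbol keys, while every lookup in the control uses a string key (`project_location_environment['name']`, `['uuid']`, and so on). Unless InSpec normalises input hashes, which is not visible here, the defaults resolve to nil and the `cmp` assertions compare against nil; string keys such as `'name' => 'value_name'` remove the ambiguity. The same literal appears in the control for `google_composer_project_location_environments`, where the `['parent']` lookup is affected. `gcp_project_id` is read in both controls but never used.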
diff --git a/test/integration/verify/controls/google_composer_project_location_environments.rb b/test/integration/verify/controls/google_composer_project_location_environments.rb new file mode 100644 index 000000000..4d1202fa6 --- /dev/null +++ b/test/integration/verify/controls/google_composer_project_location_environments.rb @@ -0,0 +1,34 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_composer_project_location_environments resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + project_location_environment = input('project_location_environment', value: { + "name": "value_name", + "parent": "value_parent", + "uuid": "value_uuid", + "state": "value_state", + "create_time": "value_createtime", + "update_time": "value_updatetime" +}, description: 'project_location_environment description') +control 'google_composer_project_location_environments-1.0' do + impact 1.0 + title 'google_composer_project_location_environments resource test' + + describe google_composer_project_location_environments(parent: project_location_environment['parent']) do + it { should exist } + end +end From a3d355e67a361333f9354d2daf36cb70fb12e90d Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 5 Dec 2023 14:32:16 +0530 Subject: [PATCH 02/16] fix: correct product url for googleapis 
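Review bot: The plural control asserts only `it { should exist }`, so none of the filter columns the resource defines (`names`, `states`, `uuids`, ...) is exercised and a mapping error in the row conversion would go unnoticed. One column check, for example `its('names') { should include project_location_environment['name'] }`, would cover the conversion path as well.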
Signed-off-by: Sonu Saha --- libraries/google_composer_project_location_environments.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/google_composer_project_location_environments.rb b/libraries/google_composer_project_location_environments.rb index 62cba8d42..8d116d9e4 100644 --- a/libraries/google_composer_project_location_environments.rb +++ b/libraries/google_composer_project_location_environments.rb @@ -86,7 +86,7 @@ def transformers private def product_url(_ = nil) - 'https://composer.googleapis.com//V1/' + 'https://composer.googleapis.com/v1/' end def resource_base_url From 7504a12fd580be06d54899d02bcfc9d128f7900d Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 5 Dec 2023 14:33:20 +0530 Subject: [PATCH 03/16] fix: update wrap path for google_composer_project_location_environments Signed-off-by: Sonu Saha --- libraries/google_composer_project_location_environments.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/google_composer_project_location_environments.rb b/libraries/google_composer_project_location_environments.rb index 8d116d9e4..64867463c 100644 --- a/libraries/google_composer_project_location_environments.rb +++ b/libraries/google_composer_project_location_environments.rb @@ -38,7 +38,7 @@ class ComposerProjectLocationEnvironments < GcpResourceBase def initialize(params = {}) super(params.merge({ use_http_transport: true })) @params = params - @table = fetch_wrapped_resource('projectLocationEnvironments') + @table = fetch_wrapped_resource('environments') end def fetch_wrapped_resource(wrap_path) From 569419249305d215ff97dc56f8c59a775e75ea22 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 5 Dec 2023 15:23:46 +0530 Subject: [PATCH 04/16] fix: correct product url for googleapis Signed-off-by: Sonu Saha --- libraries/google_composer_project_location_environment.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
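Review bot: `libraries/google_composer_project_location_environments.rb` carries the Magic Modules header stating that manual changes are clobbered on regeneration, and the `product_url` and `fetch_wrapped_resource('environments')` corrections are hand edits to that file. Unless the same fixes land in the generator templates, the next regeneration would bring back `'https://composer.googleapis.com//V1/'` and `'projectLocationEnvironments'`. The later `product_url` fix in the singular resource (presumably generated as well) and the lambda lint fix in `transformers` are in the same position. The enclosing methods extend beyond the hunks shown.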
diff --git a/libraries/google_composer_project_location_environment.rb b/libraries/google_composer_project_location_environment.rb index 86d24af82..fab23c92a 100644 --- a/libraries/google_composer_project_location_environment.rb +++ b/libraries/google_composer_project_location_environment.rb @@ -89,7 +89,7 @@ def to_s private def product_url(_ = nil) - 'https://composer.googleapis.com//V1/' + 'https://composer.googleapis.com/v1/' end def resource_base_url From 928ecbebcbed43aeceea73d61ac0d8259b457917 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Wed, 6 Dec 2023 10:56:31 +0530 Subject: [PATCH 05/16] chore: remove redundant returns to fix lint offense Signed-off-by: Sonu Saha --- ...e_composer_project_location_environments.rb | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libraries/google_composer_project_location_environments.rb b/libraries/google_composer_project_location_environments.rb index 64867463c..df635d5fe 100644 --- a/libraries/google_composer_project_location_environments.rb +++ b/libraries/google_composer_project_location_environments.rb 
@@ -71,15 +71,15 @@ def transform(key, value) def transformers { - 'name' => ->(obj) { return :name, obj['name'] }, - 'config' => ->(obj) { return :config, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfig.new(obj['config'], to_s) }, - 'uuid' => ->(obj) { return :uuid, obj['uuid'] }, - 'state' => ->(obj) { return :state, obj['state'] }, - 'createTime' => ->(obj) { return :create_time, obj['createTime'] }, - 'updateTime' => ->(obj) { return :update_time, obj['updateTime'] }, - 'labels' => ->(obj) { return :labels, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentLabels.new(obj['labels'], to_s) }, - 'satisfiesPzs' => ->(obj) { return :satisfies_pzs, obj['satisfiesPzs'] }, - 'storageConfig' => ->(obj) { return :storage_config, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentStorageConfig.new(obj['storageConfig'], to_s) }, + 'name' => ->(obj) { [:name, obj['name']] }, + 'config' => ->(obj) { [:config, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentConfig.new(obj['config'], to_s)] }, + 'uuid' => ->(obj) { [:uuid, obj['uuid']] }, + 'state' => ->(obj) { [:state, obj['state']] }, + 'createTime' => ->(obj) { [:create_time, obj['createTime']] }, + 'updateTime' => ->(obj) { [:update_time, obj['updateTime']] }, + 'labels' => ->(obj) { [:labels, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentLabels.new(obj['labels'], to_s)] }, + 'satisfiesPzs' => ->(obj) { [:satisfies_pzs, obj['satisfiesPzs']] }, + 'storageConfig' => ->(obj) { [:storage_config, GoogleInSpec::Composer::Property::ProjectLocationEnvironmentStorageConfig.new(obj['storageConfig'], to_s)] }, } end From c5362767d255441590853c498e8786bf85bcba1a Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Wed, 6 Dec 2023 11:03:52 +0530 Subject: [PATCH 06/16] chore: uncomment terraform scripts 
Signed-off-by: Sonu Saha --- .../inspec/test/integration/build/gcp-mm.tf | 2660 ++++++++--------- build/inspec/test/integration/build/gcp-mm.tf | 2658 ++++++++-------- 2 files changed, 2659 insertions(+), 2659 deletions(-) diff --git a/build/inspec/build/inspec/test/integration/build/gcp-mm.tf b/build/inspec/build/inspec/test/integration/build/gcp-mm.tf index f86c2ac7c..9036ca451 100644 --- a/build/inspec/build/inspec/test/integration/build/gcp-mm.tf +++ b/build/inspec/build/inspec/test/integration/build/gcp-mm.tf 
@@ -1,1335 +1,1335 @@ -#variable "ssl_policy" { -# type = any -#} -# -#variable "topic" { -# type = any -#} -# -#variable "subscription" { -# type = any -#} -# -#variable "managed_zone" { -# type = any -#} -# -#variable "record_set" { -# type = any -#} -# -#variable "instance_group_manager" { -# type = any -#} -# -#variable "autoscaler" { -# type = any -#} -# -#variable "target_pool" { -# type = any -#} -# -#variable "trigger" { -# type = any -#} -# -#variable "health_check" { -# type = any -#} -# -#variable "backend_service" { -# type = any -#} -# -#variable "http_health_check" { -# type = any -#} -# -#variable "https_health_check" { -# type = any -#} -# -#variable "instance_template" { -# type = any -#} -# -#variable "global_address" { -# type = any -#} -# -#variable "url_map" { -# type = any -#} -# -#variable "http_proxy" { -# type = any -#} -# -#variable "global_forwarding_rule" { -# type = any -#} -# -#variable "target_tcp_proxy" { -# type = any -#} -# -#variable "route" { -# type = any -#} -# -#variable "router" { -# type = any -#} -# -#variable "snapshot" { -# type = any -#} -# -#variable "https_proxy" { -# type = any -#} -# -#variable "ssl_certificate" { -# type = any -#} -# -#variable "dataset" { -# type = any -#} -# -#variable "bigquery_table" { -# type = any -#} -# -#variable "repository" { -# type = any -#} -# -#variable "folder" { -# type = any -#} -# -#variable "gcp_organization_id" { -# type = string -# default = "none" -#} -# -#variable "cloudfunction" { -# type = any -#} -# -#variable "backend_bucket" { -# type = any -#} -# -#variable "gcp_cloud_function_region" {} -# -#variable "regional_node_pool" { -# type = any -#} -# -#variable "region_backend_service_health_check" { -# type = any -#} -# -#variable "region_backend_service" { -# type = any -#} -# -#variable "org_sink" { -# type = any -#} -# -#variable "standardappversion" { -# type = any -#} -# -#variable "ml_model" { -# type = any -#} -# -#variable "dataproc_cluster" { -# type = any -#} -# 
-#variable "folder_exclusion" { -# type = any -#} -# -#variable "filestore_instance" { -# type = any -#} -# -#variable "folder_sink" { -# type = any -#} -# -#variable "runtimeconfig_config" { -# type = any -#} -# -#variable "runtimeconfig_variable" { -# type = any -#} -# -#variable "redis" { -# type = any -#} -# -#variable "network_endpoint_group" { -# type = any -#} -# -#variable "node_template" { -# type = any -#} -# -#variable "node_group" { -# type = any -#} -# -#variable "router_nat" { -# type = any -#} -# -#variable "service" { -# type = any -#} -# -#variable "spannerinstance" { -# type = any -#} -# -#variable "spannerdatabase" { -# type = any -#} -# -#variable "scheduler_job" { -# type = any -#} -# -# -#resource "google_compute_ssl_policy" "custom-ssl-policy" { -# name = var.ssl_policy["name"] -# min_tls_version = var.ssl_policy["min_tls_version"] -# profile = var.ssl_policy["profile"] -# custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]] -# project = var.gcp_project_id -#} -# -#resource "google_pubsub_topic" "topic" { -# project = var.gcp_project_id -# name = var.topic["name"] -#} -# -#resource "google_pubsub_subscription" "default" { -# project = var.gcp_project_id -# name = var.subscription["name"] -# topic = google_pubsub_topic.topic.name -# ack_deadline_seconds = var.subscription["ack_deadline_seconds"] -#} -# -#resource "google_dns_managed_zone" "prod" { -# name = var.managed_zone["name"] -# dns_name = var.managed_zone["dns_name"] -# description = var.managed_zone["description"] -# -# labels = { -# key = var.managed_zone["label_value"] -# } -# project = var.gcp_project_id -#} -# -#resource "google_dns_record_set" "a" { -# name = var.record_set["name"] -# managed_zone = google_dns_managed_zone.prod.name -# type = var.record_set["type"] -# ttl = var.record_set["ttl"] -# -# rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]] -# project = var.gcp_project_id -#} -# -#resource 
"google_compute_instance_group_manager" "gcp-inspec-igm" { -# project = var.gcp_project_id -# zone = var.gcp_zone -# name = var.instance_group_manager["name"] -# version { -# instance_template = google_compute_instance_template.default.self_link -# } -# base_instance_name = var.instance_group_manager["base_instance_name"] -# target_pools = [] -# target_size = 0 -# named_port { -# name = var.instance_group_manager["named_port_name"] -# port = var.instance_group_manager["named_port_port"] -# } -#} -# -#resource "google_compute_autoscaler" "gcp-inspec-autoscaler" { -# project = var.gcp_project_id -# name = var.autoscaler["name"] -# zone = var.gcp_zone -# target = google_compute_instance_group_manager.gcp-inspec-igm.self_link -# -# autoscaling_policy { -# max_replicas = var.autoscaler["max_replicas"] -# min_replicas = var.autoscaler["min_replicas"] -# cooldown_period = var.autoscaler["cooldown_period"] -# -# cpu_utilization { -# target = var.autoscaler["cpu_utilization_target"] -# } -# } -#} -# -#resource "google_compute_target_pool" "gcp-inspec-target-pool" { -# project = var.gcp_project_id -# name = var.target_pool["name"] -# session_affinity = var.target_pool["session_affinity"] -# -# instances = [ -# "${var.gcp_zone}/${var.gcp_ext_vm_name}", -# ] -#} -# -#resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" { -# project = var.gcp_project_id -# trigger_template { -# branch_name = var.trigger["trigger_template_branch"] -# project_id = var.trigger["trigger_template_project"] -# repo_name = var.trigger["trigger_template_repo"] -# } -# filename = var.trigger["filename"] -#} -# -#resource "google_compute_health_check" "gcp-inspec-health-check" { -# project = var.gcp_project_id -# name = var.health_check["name"] -# -# timeout_sec = var.health_check["timeout_sec"] -# check_interval_sec = var.health_check["check_interval_sec"] -# -# tcp_health_check { -# port = var.health_check["tcp_health_check_port"] -# } -#} -# -#resource "google_compute_backend_service" 
"gcp-inspec-backend-service" { -# project = var.gcp_project_id -# name = var.backend_service["name"] -# description = var.backend_service["description"] -# port_name = var.backend_service["port_name"] -# protocol = var.backend_service["protocol"] -# timeout_sec = var.backend_service["timeout_sec"] -# enable_cdn = var.backend_service["enable_cdn"] -# -# backend { -# group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group -# } -# -# health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] -#} -# -#resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" { -# project = var.gcp_project_id -# name = var.region_backend_service_health_check["name"] -# -# timeout_sec = var.region_backend_service_health_check["timeout_sec"] -# check_interval_sec = var.region_backend_service_health_check["check_interval_sec"] -# -# tcp_health_check { -# port = var.region_backend_service_health_check["tcp_health_check_port"] -# } -#} -# -#resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" { -# project = var.gcp_project_id -# region = var.gcp_location -# name = var.region_backend_service["name"] -# description = var.region_backend_service["description"] -# protocol = var.region_backend_service["protocol"] -# timeout_sec = var.region_backend_service["timeout_sec"] -# -# health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link] -#} -# -#resource "google_compute_http_health_check" "gcp-inspec-http-health-check" { -# project = var.gcp_project_id -# name = var.http_health_check["name"] -# request_path = var.http_health_check["request_path"] -# -# timeout_sec = var.http_health_check["timeout_sec"] -# check_interval_sec = var.http_health_check["check_interval_sec"] -#} -# -#resource "google_compute_https_health_check" "gcp-inspec-https-health-check" { -# project = var.gcp_project_id -# name = var.https_health_check["name"] -# request_path = 
var.https_health_check["request_path"] -# -# timeout_sec = var.https_health_check["timeout_sec"] -# check_interval_sec = var.https_health_check["check_interval_sec"] -# unhealthy_threshold = var.https_health_check["unhealthy_threshold"] -#} -# -#resource "google_compute_instance_template" "gcp-inspec-instance-template" { -# project = var.gcp_project_id -# name = var.instance_template["name"] -# description = var.instance_template["description"] -# -# tags = [var.instance_template["tag"]] -# -# instance_description = var.instance_template["instance_description"] -# machine_type = var.instance_template["machine_type"] -# can_ip_forward = var.instance_template["can_ip_forward"] -# -# scheduling { -# automatic_restart = var.instance_template["scheduling_automatic_restart"] -# on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"] -# } -# -# // Create a new boot disk from an image -# disk { -# source_image = var.instance_template["disk_source_image"] -# auto_delete = var.instance_template["disk_auto_delete"] -# boot = var.instance_template["disk_boot"] -# } -# -# network_interface { -# network = var.instance_template["network_interface_network"] -# } -# -# service_account { -# scopes = [var.instance_template["service_account_scope"]] -# } -#} -# -#resource "google_compute_global_address" "gcp-inspec-global-address" { -# project = var.gcp_project_id -# name = var.global_address["name"] -# ip_version = var.global_address["ip_version"] -#} -# -#resource "google_compute_url_map" "gcp-inspec-url-map" { -# project = var.gcp_project_id -# name = var.url_map["name"] -# description = var.url_map["description"] -# -# default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link -# -# host_rule { -# hosts = [var.url_map["host_rule_host"]] -# path_matcher = var.url_map["path_matcher_name"] -# } -# -# path_matcher { -# name = var.url_map["path_matcher_name"] -# default_service = 
google_compute_backend_service.gcp-inspec-backend-service.self_link -# -# path_rule { -# paths = [var.url_map["path_rule_path"]] -# service = google_compute_backend_service.gcp-inspec-backend-service.self_link -# } -# } -# -# test { -# service = google_compute_backend_service.gcp-inspec-backend-service.self_link -# host = var.url_map["test_host"] -# path = var.url_map["test_path"] -# } -#} -# -#resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" { -# project = var.gcp_project_id -# name = var.http_proxy["name"] -# url_map = google_compute_url_map.gcp-inspec-url-map.self_link -# description = var.http_proxy["description"] -#} -# -#resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" { -# project = var.gcp_project_id -# name = var.global_forwarding_rule["name"] -# target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link -# port_range = var.global_forwarding_rule["port_range"] -#} -# -#resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" { -# project = var.gcp_project_id -# name = var.target_tcp_proxy["tcp_backend_service_name"] -# protocol = "TCP" -# timeout_sec = 10 -# -# health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] -#} -# -#resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" { -# project = var.gcp_project_id -# name = var.target_tcp_proxy["name"] -# proxy_header = var.target_tcp_proxy["proxy_header"] -# backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link -#} -# -#resource "google_compute_route" "gcp-inspec-route" { -# project = var.gcp_project_id -# name = var.route["name"] -# dest_range = var.route["dest_range"] -# network = google_compute_network.inspec-gcp-network.name -# next_hop_ip = var.route["next_hop_ip"] -# priority = var.route["priority"] -# # google_compute_route depends on next_hop_ip belonging to a subnetwork -# # of the named network in this block. 
Since inspec-gcp-network does not -# # automatically create subnetworks, we need to create a dependency so -# # the route is not created before the subnetwork -# depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork] -#} -# -#resource "google_compute_router" "gcp-inspec-router" { -# project = var.gcp_project_id -# name = var.router["name"] -# network = google_compute_network.inspec-gcp-network.name -# bgp { -# asn = var.router["bgp_asn"] -# advertise_mode = var.router["bgp_advertise_mode"] -# advertised_groups = [var.router["bgp_advertised_group"]] -# advertised_ip_ranges { -# range = var.router["bgp_advertised_ip_range1"] -# } -# advertised_ip_ranges { -# range = var.router["bgp_advertised_ip_range2"] -# } -# } -#} -# -#resource "google_compute_disk" "snapshot-disk" { -# project = var.gcp_project_id -# name = var.snapshot["disk_name"] -# type = var.snapshot["disk_type"] -# zone = var.gcp_zone -# image = var.snapshot["disk_image"] -# labels = { -# environment = "generic_compute_disk_label" -# } -#} -# -#resource "google_compute_snapshot" "gcp-inspec-snapshot" { -# project = var.gcp_project_id -# name = var.snapshot["name"] -# source_disk = google_compute_disk.snapshot-disk.name -# zone = var.gcp_zone -#} -# -#resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" { -# project = var.gcp_project_id -# name = var.ssl_certificate["name"] -# private_key = var.ssl_certificate["private_key"] -# certificate = var.ssl_certificate["certificate"] -# description = var.ssl_certificate["description"] -#} -# -#resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" { -# project = var.gcp_project_id -# name = var.https_proxy["name"] -# url_map = google_compute_url_map.gcp-inspec-url-map.self_link -# description = var.https_proxy["description"] -# ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link] -#} -# -#resource "google_bigquery_dataset" "gcp-inspec-dataset" { -# project = var.gcp_project_id -# 
dataset_id = var.dataset["dataset_id"] -# friendly_name = var.dataset["friendly_name"] -# description = var.dataset["description"] -# location = var.dataset["location"] -# default_table_expiration_ms = var.dataset["default_table_expiration_ms"] -# -# access { -# role = var.dataset["access_writer_role"] -# special_group = var.dataset["access_writer_special_group"] -# } -# -# access { -# role = "OWNER" -# special_group = "projectOwners" -# } -#} -# -#resource "google_bigquery_table" "gcp-inspec-bigquery-table" { -# project = var.gcp_project_id -# dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id -# table_id = var.bigquery_table["table_id"] -# -# time_partitioning { -# type = var.bigquery_table["time_partitioning_type"] -# } -# -# description = var.bigquery_table["description"] -# expiration_time = var.bigquery_table["expiration_time"] -#} -# -#resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" { -# project = var.gcp_project_id -# name = var.repository["name"] -#} -# -#resource "google_folder" "inspec-gcp-folder" { -# count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" -# display_name = var.folder["display_name"] -# parent = "organizations/${var.gcp_organization_id}" -#} -# -#resource "google_storage_bucket_object" "archive" { -# name = "index.js.zip" -# bucket = google_storage_bucket.generic-storage-bucket.name -# source = "../configuration/index.js.zip" -#} -# -#resource "google_cloudfunctions_function" "function" { -# project = var.gcp_project_id -# region = var.gcp_cloud_function_region -# name = var.cloudfunction["name"] -# description = var.cloudfunction["description"] -# available_memory_mb = var.cloudfunction["available_memory_mb"] -# source_archive_bucket = google_storage_bucket.generic-storage-bucket.name -# source_archive_object = google_storage_bucket_object.archive.name -# trigger_http = var.cloudfunction["trigger_http"] -# timeout = var.cloudfunction["timeout"] -# entry_point = var.cloudfunction["entry_point"] -# runtime = "nodejs8" -# -# environment_variables = { -# MY_ENV_VAR = var.cloudfunction["env_var_value"] -# } -#} -# -#resource "google_compute_backend_bucket" "image_backend" { -# project = var.gcp_project_id -# name = var.backend_bucket["name"] -# description = var.backend_bucket["description"] -# bucket_name = google_storage_bucket.generic-storage-bucket.name -# enable_cdn = var.backend_bucket["enable_cdn"] -#} -# -#resource "google_container_node_pool" "inspec-gcp-node-pool" { -# project = var.gcp_project_id -# name = var.regional_node_pool["name"] -# location = google_container_cluster.primary.location -# cluster = google_container_cluster.primary.name -# node_count = var.regional_node_pool["node_count"] -#} -# -#resource "google_logging_organization_sink" "my-sink" { -# count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" -# name = var.org_sink.name -# org_id = var.gcp_organization_id -# -# # Can export to pubsub, cloud storage, or bigquery -# destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" -# -# # Log all WARN or higher severity messages relating to instances -# filter = var.org_sink.filter -#} -# -#variable "project_sink" { -# type = any -#} -# -#resource "google_logging_project_sink" "project-logging-sink" { -# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" -# project = var.gcp_project_id -# -# name = var.project_sink.name -# destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}" -# -# filter = var.project_sink.filter -# -# unique_writer_identity = true -#} -# -#resource "google_storage_bucket" "bucket" { -# name = "inspec-gcp-static-${var.gcp_project_id}" -# project = var.gcp_project_id -# location = var.gcp_location -# force_destroy = true -# -# labels = { -# "key" = "value" -# } -# -# retention_policy { -# retention_period = 1000 -# } -#} -# -#resource "google_storage_bucket_object" "object" { -# name = "hello-world.zip" -# bucket = google_storage_bucket.bucket.name -# source = "../configuration/hello-world.zip" -#} -# -#resource "google_app_engine_standard_app_version" "default" { -# count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" -# project = var.gcp_project_id -# version_id = var.standardappversion["version_id"] -# service = var.standardappversion["service"] -# runtime = var.standardappversion["runtime"] -# noop_on_destroy = true -# entrypoint { -# shell = var.standardappversion["entrypoint"] -# } -# -# deployment { -# zip { -# source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" -# } -# } -# -# env_variables = { -# port = var.standardappversion["port"] -# } -#} -# -#resource "google_ml_engine_model" "inspec-gcp-model" { -# project = var.gcp_project_id -# name = var.ml_model["name"] -# description = var.ml_model["description"] -# regions = [var.ml_model["region"]] -# online_prediction_logging = var.ml_model["online_prediction_logging"] -# online_prediction_console_logging = var.ml_model["online_prediction_console_logging"] -#} -# -#resource "google_compute_firewall" "dataproc" { -# project = var.gcp_project_id -# name = "dataproc-firewall" -# network = google_compute_network.dataproc.name -# -# source_ranges = ["10.128.0.0/9"] -# allow { -# protocol = "icmp" -# } -# -# allow { -# protocol = "tcp" -# ports = ["0-65535"] -# } -# allow { -# protocol = "udp" -# ports = ["0-65535"] -# } -#} -# -#resource "google_compute_network" "dataproc" { -# project = var.gcp_project_id -# name = "dataproc-network" -#} -# -#resource "google_dataproc_cluster" "mycluster" { -# project = var.gcp_project_id -# region = var.gcp_location -# name = var.dataproc_cluster["name"] -# -# labels = { -# "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"] -# } -# -# cluster_config { -# master_config { -# num_instances = var.dataproc_cluster["config"]["master_config"]["num_instances"] -# machine_type = var.dataproc_cluster["config"]["master_config"]["machine_type"] -# disk_config { -# boot_disk_type = var.dataproc_cluster["config"]["master_config"]["boot_disk_type"] -# boot_disk_size_gb = 
var.dataproc_cluster["config"]["master_config"]["boot_disk_size_gb"] -# } -# } -# -# worker_config { -# num_instances = var.dataproc_cluster["config"]["worker_config"]["num_instances"] -# machine_type = var.dataproc_cluster["config"]["worker_config"]["machine_type"] -# disk_config { -# boot_disk_size_gb = var.dataproc_cluster["config"]["worker_config"]["boot_disk_size_gb"] -# num_local_ssds = var.dataproc_cluster["config"]["worker_config"]["num_local_ssds"] -# } -# } -# -# # Override or set some custom properties -# software_config { -# override_properties = { -# "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"] -# } -# } -# -# gce_cluster_config { -# network = google_compute_network.dataproc.self_link -# tags = [var.dataproc_cluster["config"]["gce_cluster_config"]["tag"]] -# } -# } -#} -# -#resource "google_logging_folder_exclusion" "my-exclusion" { -# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" -# name = var.folder_exclusion["name"] -# folder = google_folder.inspec-gcp-folder.0.name -# -# description = var.folder_exclusion["description"] -# -# filter = var.folder_exclusion["filter"] -#} -# -#variable "project_exclusion" { -# type = any -#} -# -#resource "google_logging_project_exclusion" "project-exclusion" { -# count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}"
-# name = var.project_exclusion["name"]
-# project = var.gcp_project_id
-#
-# description = var.project_exclusion["description"]
-#
-# filter = var.project_exclusion["filter"]
-#}
-#
-#resource "google_filestore_instance" "instance" {
-# project = var.gcp_project_id
-# name = var.filestore_instance["name"]
-# zone = var.filestore_instance["zone"]
-# tier = var.filestore_instance["tier"]
-#
-# file_shares {
-# capacity_gb = var.filestore_instance["fileshare_capacity_gb"]
-# name = var.filestore_instance["fileshare_name"]
-# }
-#
-# networks {
-# network = var.filestore_instance["network_name"]
-# modes = [var.filestore_instance["network_mode"]]
-# }
-#}
-#
-#resource "google_logging_folder_sink" "folder-sink" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# name = var.folder_sink.name
-# folder = google_folder.inspec-gcp-folder.0.name
-#
-# destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
-#
-# filter = var.folder_sink.filter
-#}
-#
-#resource "google_runtimeconfig_config" "inspec-runtime-config" {
-# project = var.gcp_project_id
-# name = var.runtimeconfig_config["name"]
-# description = var.runtimeconfig_config["description"]
-#}
-#
-#resource "google_runtimeconfig_variable" "inspec-runtime-variable" {
-# project = var.gcp_project_id
-# parent = google_runtimeconfig_config.inspec-runtime-config.name
-# name = var.runtimeconfig_variable["name"]
-# text = var.runtimeconfig_variable["text"]
-#}
-#
-#resource "google_redis_instance" "inspec-redis" {
-# project = var.gcp_project_id
-# name = var.redis["name"]
-# tier = var.redis["tier"]
-# memory_size_gb = var.redis["memory_size_gb"]
-#
-# location_id = var.redis["location_id"]
-# alternative_location_id = var.redis["alternative_location_id"]
-#
-# redis_version = var.redis["redis_version"]
-# display_name = var.redis["display_name"]
-# reserved_ip_range = var.redis["reserved_ip_range"]
-#
-# labels = {
-# "${var.redis["label_key"]}" = var.redis["label_value"]
-# }
-#}
-#
-#resource "google_compute_network_endpoint_group" "inspec-endpoint-group" {
-# project = var.gcp_project_id
-# name = var.network_endpoint_group["name"]
-# network = google_compute_subnetwork.inspec-gcp-subnetwork.network
-# subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link
-# default_port = var.network_endpoint_group["default_port"]
-# zone = var.gcp_zone
-#}
-#
-#data "google_compute_node_types" "zone-node-type" {
-# project = var.gcp_project_id
-# zone = var.gcp_zone
-#}
-#
-#resource "google_compute_node_template" "inspec-template" {
-# project = var.gcp_project_id
-# region = var.gcp_location
-#
-# name = var.node_template["name"]
-# node_type = data.google_compute_node_types.zone-node-type.names[0]
-#
-# node_affinity_labels = {
-# "${var.node_template["label_key"]}" = var.node_template["label_value"]
-# }
-#}
-#
-#resource "google_compute_node_group" "inspec-node-group" {
-# project = var.gcp_project_id
-# name = var.node_group["name"]
-# zone = var.gcp_zone
-# description = var.node_group["description"]
-#
-# size = var.node_group["size"]
-# node_template = google_compute_node_template.inspec-template.self_link
-#}
-#
-#resource "google_compute_router_nat" "inspec-nat" {
-# project = var.gcp_project_id
-# name = var.router_nat["name"]
-# router = google_compute_router.gcp-inspec-router.name
-# region = google_compute_router.gcp-inspec-router.region
-# nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"]
-# source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"]
-# min_ports_per_vm = var.router_nat["min_ports_per_vm"]
-#
-# log_config {
-# enable = var.router_nat["log_config_enable"]
-# filter = var.router_nat["log_config_filter"]
-# }
-#}
-#
-#resource "google_project_service" "project" {
-# project = var.gcp_project_id
-# service = var.service["name"]
-#}
-#
-#resource "google_service_account" "spanner_service_account" {
-# project = var.gcp_project_id
-# account_id = "${var.gcp_service_account_display_name}-sp"
-# display_name = "${var.gcp_service_account_display_name}-sp"
-#}
-#
-#resource "google_service_account_key" "userkey" {
-# service_account_id = google_service_account.spanner_service_account.name
-# public_key_type = "TYPE_X509_PEM_FILE"
-#}
-#
-#resource "google_spanner_instance" "spanner_instance" {
-# project = var.gcp_project_id
-# config = var.spannerinstance["config"]
-# name = var.spannerinstance["name"]
-# display_name = var.spannerinstance["display_name"]
-# num_nodes = var.spannerinstance["num_nodes"]
-# labels = {
-# "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"]
-# }
-#}
-#
-#resource "google_spanner_instance_iam_binding" "instance" {
-# project = var.gcp_project_id
-# instance = google_spanner_instance.spanner_instance.name
-# role = "roles/editor"
-#
-# members = [
-# "serviceAccount:${google_service_account.spanner_service_account.email}",
-# ]
-#}
-#
-#resource "google_spanner_database" "database" {
-# project = var.gcp_project_id
-# instance = google_spanner_instance.spanner_instance.name
-# name = var.spannerdatabase["name"]
-# ddl = [var.spannerdatabase["ddl"]]
-#}
-#
-#resource "google_cloud_scheduler_job" "job" {
-# project = var.gcp_project_id
-# region = var.scheduler_job["region"]
-# name = var.scheduler_job["name"]
-# description = var.scheduler_job["description"]
-# schedule = var.scheduler_job["schedule"]
-# time_zone = var.scheduler_job["time_zone"]
-#
-# http_target {
-# http_method = var.scheduler_job["http_method"]
-# uri = var.scheduler_job["http_target_uri"]
-# }
-#}
-#
-#variable "service_perimeter" {
-# type = any
-#}
-#
-#resource "google_access_context_manager_service_perimeter" "service-perimeter" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}"
-# name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/servicePerimeters/${var.service_perimeter["name"]}"
-# title = var.service_perimeter["title"]
-# status {
-# restricted_services = [var.service_perimeter["restricted_service"]]
-# }
-#}
-#
-#resource "google_access_context_manager_access_policy" "access-policy" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# parent = "organizations/${var.gcp_organization_id}"
-# title = var.service_perimeter["policy_title"]
-#}
-#
-#resource "google_access_context_manager_access_level" "access-level" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}"
-# name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock"
-# title = "os_lock"
-# basic {
-# conditions {
-# device_policy {
-# require_screen_lock = true
-# }
-# regions = [
-# "CH",
-# "IT",
-# "US",
-# ]
-# }
-# }
-#}
-#
-#variable "firewall" {
-# type = any
-#}
-#
-#resource "google_compute_firewall" "mm-firewall" {
-# project = var.gcp_project_id
-# name = var.firewall["name"]
-# enable_logging = true
-# network = google_compute_network.inspec-gcp-network.name
-#
-# allow {
-# protocol = "tcp"
-# ports = ["80", "8080", "1000-2000"]
-# }
-#
-# source_tags = [var.firewall["source_tag"]]
-#}
-#
-#variable "address" {
-# type = any
-#}
-#
-#resource "google_compute_address" "internal_with_subnet_and_address" {
-# project = var.gcp_project_id
-# name = var.address["name"]
-# subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link
-# address_type = var.address["address_type"]
-# address = var.address["address"]
-# region = var.gcp_location
-#}
-#
-#variable "instance_group" {
-# type = any
-#}
-#
-#resource "google_compute_instance_group" "inspec-instance-group" {
-# project = var.gcp_project_id
-# zone = var.gcp_zone
-# name = var.instance_group["name"]
-# description = var.instance_group["description"]
-#
-# named_port {
-# name = var.instance_group["named_port_name"]
-# port = var.instance_group["named_port_port"]
-# }
-#}
-#
-#variable "instance" {
-# type = any
-#}
-#
-#resource "google_compute_instance" "inspec-instance" {
-# project = var.gcp_project_id
-# zone = var.gcp_zone
-# name = var.instance["name"]
-# machine_type = var.instance["machine_type"]
-#
-# tags = [var.instance["tag_1"], var.instance["tag_2"]]
-#
-# boot_disk {
-# initialize_params {
-# image = "debian-cloud/debian-9"
-# }
-# }
-#
-# network_interface {
-# network = "default"
-#
-# access_config {
-# // Ephemeral IP
-# }
-# }
-#
-# metadata = {
-# "${var.instance["metadata_key"]}" = var.instance["metadata_value"]
-# }
-#
-# metadata_startup_script = var.instance["startup_script"]
-#
-# service_account {
-# scopes = [var.instance["sa_scope"]]
-# }
-#}
-#
-#variable "network" {
-# type = any
-#}
-#
-#resource "google_compute_network" "inspec-network" {
-# project = var.gcp_project_id
-# name = var.network["name"]
-# routing_mode = var.network["routing_mode"]
-#}
-#
-#variable "subnetwork" {
-# type = any
-#}
-#
-#resource "google_compute_subnetwork" "subnet-with-logging" {
-# project = var.gcp_project_id
-# region = var.gcp_location
-# name = var.subnetwork["name"]
-# ip_cidr_range = var.subnetwork["ip_cidr_range"]
-# network = google_compute_network.inspec-network.self_link
-#
-# log_config {
-# aggregation_interval = var.subnetwork["log_interval"]
-# flow_sampling = var.subnetwork["log_sampling"]
-# metadata = var.subnetwork["log_metadata"]
-# }
-#}
-#
-#variable "rigm" {
-# type = any
-#}
-#
+variable "ssl_policy" {
+ type = any
+}
+
+variable "topic" {
+ type = any
+}
+
+variable "subscription" {
+ type = any
+}
+
+variable "managed_zone" {
+ type = any
+}
+
+variable "record_set" {
+ type = any
+}
+
+variable "instance_group_manager" {
+ type = any
+}
+
+variable "autoscaler" {
+ type = any
+}
+
+variable "target_pool" {
+ type = any
+}
+
+variable "trigger" {
+ type = any
+}
+
+variable "health_check" {
+ type = any
+}
+
+variable "backend_service" {
+ type = any
+}
+
+variable "http_health_check" {
+ type = any
+}
+
+variable "https_health_check" {
+ type = any
+}
+
+variable "instance_template" {
+ type = any
+}
+
+variable "global_address" {
+ type = any
+}
+
+variable "url_map" {
+ type = any
+}
+
+variable "http_proxy" {
+ type = any
+}
+
+variable "global_forwarding_rule" {
+ type = any
+}
+
+variable "target_tcp_proxy" {
+ type = any
+}
+
+variable "route" {
+ type = any
+}
+
+variable "router" {
+ type = any
+}
+
+variable "snapshot" {
+ type = any
+}
+
+variable "https_proxy" {
+ type = any
+}
+
+variable "ssl_certificate" {
+ type = any
+}
+
+variable "dataset" {
+ type = any
+}
+
+variable "bigquery_table" {
+ type = any
+}
+
+variable "repository" {
+ type = any
+}
+
+variable "folder" {
+ type = any
+}
+
+variable "gcp_organization_id" {
+ type = string
+ default = "none"
+}
+
+variable "cloudfunction" {
+ type = any
+}
+
+variable "backend_bucket" {
+ type = any
+}
+
+variable "gcp_cloud_function_region" {}
+
+variable "regional_node_pool" {
+ type = any
+}
+
+variable "region_backend_service_health_check" {
+ type = any
+}
+
+variable "region_backend_service" {
+ type = any
+}
+
+variable "org_sink" {
+ type = any
+}
+
+variable "standardappversion" {
+ type = any
+}
+
+variable "ml_model" {
+ type = any
+}
+
+variable "dataproc_cluster" {
+ type = any
+}
+
+variable "folder_exclusion" {
+ type = any
+}
+
+variable "filestore_instance" {
+ type = any
+}
+
+variable "folder_sink" {
+ type = any
+}
+
+variable "runtimeconfig_config" {
+ type = any
+}
+
+variable "runtimeconfig_variable" {
+ type = any
+}
+
+variable "redis" {
+ type = any
+}
+
+variable "network_endpoint_group" {
+ type = any
+}
+
+variable "node_template" {
+ type = any
+}
+
+variable "node_group" {
+ type = any
+}
+
+variable "router_nat" {
+ type = any
+}
+
+variable "service" {
+ type = any
+}
+
+variable "spannerinstance" {
+ type = any
+}
+
+variable "spannerdatabase" {
+ type = any
+}
+
+variable "scheduler_job" {
+ type = any
+}
+
+
+resource "google_compute_ssl_policy" "custom-ssl-policy" {
+ name = var.ssl_policy["name"]
+ min_tls_version = var.ssl_policy["min_tls_version"]
+ profile = var.ssl_policy["profile"]
+ custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]]
+ project = var.gcp_project_id
+}
+
+resource "google_pubsub_topic" "topic" {
+ project = var.gcp_project_id
+ name = var.topic["name"]
+}
+
+resource "google_pubsub_subscription" "default" {
+ project = var.gcp_project_id
+ name = var.subscription["name"]
+ topic = google_pubsub_topic.topic.name
+ ack_deadline_seconds = var.subscription["ack_deadline_seconds"]
+}
+
+resource "google_dns_managed_zone" "prod" {
+ name = var.managed_zone["name"]
+ dns_name = var.managed_zone["dns_name"]
+ description = var.managed_zone["description"]
+
+ labels = {
+ key = var.managed_zone["label_value"]
+ }
+ project = var.gcp_project_id
+}
+
+resource "google_dns_record_set" "a" {
+ name = var.record_set["name"]
+ managed_zone = google_dns_managed_zone.prod.name
+ type = var.record_set["type"]
+ ttl = var.record_set["ttl"]
+
+ rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]]
+ project = var.gcp_project_id
+}
+
+resource "google_compute_instance_group_manager" "gcp-inspec-igm" {
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+ name = var.instance_group_manager["name"]
+ version {
+ instance_template = google_compute_instance_template.default.self_link
+ }
+ base_instance_name = var.instance_group_manager["base_instance_name"]
+ target_pools = []
+ target_size = 0
+ named_port {
+ name = var.instance_group_manager["named_port_name"]
+ port = var.instance_group_manager["named_port_port"]
+ }
+}
+
+resource "google_compute_autoscaler" "gcp-inspec-autoscaler" {
+ project = var.gcp_project_id
+ name = var.autoscaler["name"]
+ zone = var.gcp_zone
+ target = google_compute_instance_group_manager.gcp-inspec-igm.self_link
+
+ autoscaling_policy {
+ max_replicas = var.autoscaler["max_replicas"]
+ min_replicas = var.autoscaler["min_replicas"]
+ cooldown_period = var.autoscaler["cooldown_period"]
+
+ cpu_utilization {
+ target = var.autoscaler["cpu_utilization_target"]
+ }
+ }
+}
+
+resource "google_compute_target_pool" "gcp-inspec-target-pool" {
+ project = var.gcp_project_id
+ name = var.target_pool["name"]
+ session_affinity = var.target_pool["session_affinity"]
+
+ instances = [
+ "${var.gcp_zone}/${var.gcp_ext_vm_name}",
+ ]
+}
+
+resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" {
+ project = var.gcp_project_id
+ trigger_template {
+ branch_name = var.trigger["trigger_template_branch"]
+ project_id = var.trigger["trigger_template_project"]
+ repo_name = var.trigger["trigger_template_repo"]
+ }
+ filename = var.trigger["filename"]
+}
+
+resource "google_compute_health_check" "gcp-inspec-health-check" {
+project = var.gcp_project_id
+name = var.health_check["name"]
+
+timeout_sec = var.health_check["timeout_sec"]
+check_interval_sec = var.health_check["check_interval_sec"]
+
+tcp_health_check {
+ port = var.health_check["tcp_health_check_port"]
+}
+}
+
+resource "google_compute_backend_service" "gcp-inspec-backend-service" {
+ project = var.gcp_project_id
+ name = var.backend_service["name"]
+ description = var.backend_service["description"]
+ port_name = var.backend_service["port_name"]
+ protocol = var.backend_service["protocol"]
+ timeout_sec = var.backend_service["timeout_sec"]
+ enable_cdn = var.backend_service["enable_cdn"]
+
+ backend {
+ group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group
+ }
+
+ health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
+}
+
+resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" {
+project = var.gcp_project_id
+name = var.region_backend_service_health_check["name"]
+
+timeout_sec = var.region_backend_service_health_check["timeout_sec"]
+check_interval_sec = var.region_backend_service_health_check["check_interval_sec"]
+
+tcp_health_check {
+ port = var.region_backend_service_health_check["tcp_health_check_port"]
+}
+}
+
+resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.region_backend_service["name"]
+ description = var.region_backend_service["description"]
+ protocol = var.region_backend_service["protocol"]
+ timeout_sec = var.region_backend_service["timeout_sec"]
+
+ health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link]
+}
+
+resource "google_compute_http_health_check" "gcp-inspec-http-health-check" {
+ project = var.gcp_project_id
+ name = var.http_health_check["name"]
+ request_path = var.http_health_check["request_path"]
+
+ timeout_sec = var.http_health_check["timeout_sec"]
+ check_interval_sec = var.http_health_check["check_interval_sec"]
+}
+
+resource "google_compute_https_health_check" "gcp-inspec-https-health-check" {
+ project = var.gcp_project_id
+ name = var.https_health_check["name"]
+ request_path = var.https_health_check["request_path"]
+
+ timeout_sec = var.https_health_check["timeout_sec"]
+ check_interval_sec = var.https_health_check["check_interval_sec"]
+ unhealthy_threshold = var.https_health_check["unhealthy_threshold"]
+}
+
+resource "google_compute_instance_template" "gcp-inspec-instance-template" {
+ project = var.gcp_project_id
+ name = var.instance_template["name"]
+ description = var.instance_template["description"]
+
+ tags = [var.instance_template["tag"]]
+
+ instance_description = var.instance_template["instance_description"]
+ machine_type = var.instance_template["machine_type"]
+ can_ip_forward = var.instance_template["can_ip_forward"]
+
+ scheduling {
+ automatic_restart = var.instance_template["scheduling_automatic_restart"]
+ on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"]
+ }
+
+ // Create a new boot disk from an image
+ disk {
+ source_image = var.instance_template["disk_source_image"]
+ auto_delete = var.instance_template["disk_auto_delete"]
+ boot = var.instance_template["disk_boot"]
+ }
+
+ network_interface {
+ network = var.instance_template["network_interface_network"]
+ }
+
+ service_account {
+ scopes = [var.instance_template["service_account_scope"]]
+ }
+}
+
+resource "google_compute_global_address" "gcp-inspec-global-address" {
+ project = var.gcp_project_id
+ name = var.global_address["name"]
+ ip_version = var.global_address["ip_version"]
+}
+
+resource "google_compute_url_map" "gcp-inspec-url-map" {
+ project = var.gcp_project_id
+ name = var.url_map["name"]
+ description = var.url_map["description"]
+
+ default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+
+ host_rule {
+ hosts = [var.url_map["host_rule_host"]]
+ path_matcher = var.url_map["path_matcher_name"]
+ }
+
+ path_matcher {
+ name = var.url_map["path_matcher_name"]
+ default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+
+ path_rule {
+ paths = [var.url_map["path_rule_path"]]
+ service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+ }
+ }
+
+ test {
+ service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+ host = var.url_map["test_host"]
+ path = var.url_map["test_path"]
+ }
+}
+
+resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" {
+ project = var.gcp_project_id
+ name = var.http_proxy["name"]
+ url_map = google_compute_url_map.gcp-inspec-url-map.self_link
+ description = var.http_proxy["description"]
+}
+
+resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" {
+ project = var.gcp_project_id
+ name = var.global_forwarding_rule["name"]
+ target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link
+ port_range = var.global_forwarding_rule["port_range"]
+}
+
+resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" {
+ project = var.gcp_project_id
+ name = var.target_tcp_proxy["tcp_backend_service_name"]
+ protocol = "TCP"
+ timeout_sec = 10
+
+ health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
+}
+
+resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" {
+ project = var.gcp_project_id
+ name = var.target_tcp_proxy["name"]
+ proxy_header = var.target_tcp_proxy["proxy_header"]
+ backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link
+}
+
+resource "google_compute_route" "gcp-inspec-route" {
+ project = var.gcp_project_id
+ name = var.route["name"]
+ dest_range = var.route["dest_range"]
+ network = google_compute_network.inspec-gcp-network.name
+ next_hop_ip = var.route["next_hop_ip"]
+ priority = var.route["priority"]
+ # google_compute_route depends on next_hop_ip belonging to a subnetwork
+ # of the named network in this block. Since inspec-gcp-network does not
+ # automatically create subnetworks, we need to create a dependency so
+ # the route is not created before the subnetwork
+ depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork]
+}
+
+resource "google_compute_router" "gcp-inspec-router" {
+ project = var.gcp_project_id
+ name = var.router["name"]
+ network = google_compute_network.inspec-gcp-network.name
+ bgp {
+ asn = var.router["bgp_asn"]
+ advertise_mode = var.router["bgp_advertise_mode"]
+ advertised_groups = [var.router["bgp_advertised_group"]]
+ advertised_ip_ranges {
+ range = var.router["bgp_advertised_ip_range1"]
+ }
+ advertised_ip_ranges {
+ range = var.router["bgp_advertised_ip_range2"]
+ }
+ }
+}
+
+resource "google_compute_disk" "snapshot-disk" {
+ project = var.gcp_project_id
+ name = var.snapshot["disk_name"]
+ type = var.snapshot["disk_type"]
+ zone = var.gcp_zone
+ image = var.snapshot["disk_image"]
+ labels = {
+ environment = "generic_compute_disk_label"
+ }
+}
+
+resource "google_compute_snapshot" "gcp-inspec-snapshot" {
+ project = var.gcp_project_id
+ name = var.snapshot["name"]
+ source_disk = google_compute_disk.snapshot-disk.name
+ zone = var.gcp_zone
+}
+
+resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" {
+ project = var.gcp_project_id
+ name = var.ssl_certificate["name"]
+ private_key = var.ssl_certificate["private_key"]
+ certificate = var.ssl_certificate["certificate"]
+ description = var.ssl_certificate["description"]
+}
+
+resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" {
+ project = var.gcp_project_id
+ name = var.https_proxy["name"]
+ url_map = google_compute_url_map.gcp-inspec-url-map.self_link
+ description = var.https_proxy["description"]
+ ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link]
+}
+
+resource "google_bigquery_dataset" "gcp-inspec-dataset" {
+ project = var.gcp_project_id
+ dataset_id = var.dataset["dataset_id"]
+ friendly_name = var.dataset["friendly_name"]
+ description = var.dataset["description"]
+ location = var.dataset["location"]
+ default_table_expiration_ms = var.dataset["default_table_expiration_ms"]
+
+ access {
+ role = var.dataset["access_writer_role"]
+ special_group = var.dataset["access_writer_special_group"]
+ }
+
+ access {
+ role = "OWNER"
+ special_group = "projectOwners"
+ }
+}
+
+resource "google_bigquery_table" "gcp-inspec-bigquery-table" {
+ project = var.gcp_project_id
+ dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id
+ table_id = var.bigquery_table["table_id"]
+
+ time_partitioning {
+ type = var.bigquery_table["time_partitioning_type"]
+ }
+
+ description = var.bigquery_table["description"]
+ expiration_time = var.bigquery_table["expiration_time"]
+}
+
+resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" {
+ project = var.gcp_project_id
+ name = var.repository["name"]
+}
+
+resource "google_folder" "inspec-gcp-folder" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ display_name = var.folder["display_name"]
+ parent = "organizations/${var.gcp_organization_id}"
+}
+
+resource "google_storage_bucket_object" "archive" {
+ name = "index.js.zip"
+ bucket = google_storage_bucket.generic-storage-bucket.name
+ source = "../configuration/index.js.zip"
+}
+
+resource "google_cloudfunctions_function" "function" {
+ project = var.gcp_project_id
+ region = var.gcp_cloud_function_region
+ name = var.cloudfunction["name"]
+ description = var.cloudfunction["description"]
+ available_memory_mb = var.cloudfunction["available_memory_mb"]
+ source_archive_bucket = google_storage_bucket.generic-storage-bucket.name
+ source_archive_object = google_storage_bucket_object.archive.name
+ trigger_http = var.cloudfunction["trigger_http"]
+ timeout = var.cloudfunction["timeout"]
+ entry_point = var.cloudfunction["entry_point"]
+ runtime = "nodejs8"
+
+ environment_variables = {
+ MY_ENV_VAR = var.cloudfunction["env_var_value"]
+ }
+}
+
+resource "google_compute_backend_bucket" "image_backend" {
+ project = var.gcp_project_id
+ name = var.backend_bucket["name"]
+ description = var.backend_bucket["description"]
+ bucket_name = google_storage_bucket.generic-storage-bucket.name
+ enable_cdn = var.backend_bucket["enable_cdn"]
+}
+
+resource "google_container_node_pool" "inspec-gcp-node-pool" {
+ project = var.gcp_project_id
+ name = var.regional_node_pool["name"]
+ location = google_container_cluster.primary.location
+ cluster = google_container_cluster.primary.name
+ node_count = var.regional_node_pool["node_count"]
+}
+
+resource "google_logging_organization_sink" "my-sink" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ name = var.org_sink.name
+ org_id = var.gcp_organization_id
+
+ # Can export to pubsub, cloud storage, or bigquery
+ destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
+
+ # Log all WARN or higher severity messages relating to instances
+ filter = var.org_sink.filter
+}
+
+variable "project_sink" {
+ type = any
+}
+
+resource "google_logging_project_sink" "project-logging-sink" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ project = var.gcp_project_id
+
+ name = var.project_sink.name
+ destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}"
+
+ filter = var.project_sink.filter
+
+ unique_writer_identity = true
+}
+
+resource "google_storage_bucket" "bucket" {
+ name = "inspec-gcp-static-${var.gcp_project_id}"
+ project = var.gcp_project_id
+ location = var.gcp_location
+ force_destroy = true
+
+ labels = {
+ "key" = "value"
+ }
+
+ retention_policy {
+ retention_period = 1000
+ }
+}
+
+resource "google_storage_bucket_object" "object" {
+ name = "hello-world.zip"
+ bucket = google_storage_bucket.bucket.name
+ source = "../configuration/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "default" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ project = var.gcp_project_id
+ version_id = var.standardappversion["version_id"]
+ service = var.standardappversion["service"]
+ runtime = var.standardappversion["runtime"]
+ noop_on_destroy = true
+ entrypoint {
+ shell = var.standardappversion["entrypoint"]
+ }
+
+ deployment {
+ zip {
+ source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip"
+ }
+ }
+
+ env_variables = {
+ port = var.standardappversion["port"]
+ }
+}
+
+resource "google_ml_engine_model" "inspec-gcp-model" {
+ project = var.gcp_project_id
+ name = var.ml_model["name"]
+ description = var.ml_model["description"]
+ regions = [var.ml_model["region"]]
+ online_prediction_logging = var.ml_model["online_prediction_logging"]
+ online_prediction_console_logging = var.ml_model["online_prediction_console_logging"]
+}
+
+resource "google_compute_firewall" "dataproc" {
+ project = var.gcp_project_id
+ name = "dataproc-firewall"
+ network = google_compute_network.dataproc.name
+
+ source_ranges = ["10.128.0.0/9"]
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ ports = ["0-65535"]
+ }
+ allow {
+ protocol = "udp"
+ ports = ["0-65535"]
+ }
+}
+
+resource "google_compute_network" "dataproc" {
+ project = var.gcp_project_id
+ name = "dataproc-network"
+}
+
+resource "google_dataproc_cluster" "mycluster" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.dataproc_cluster["name"]
+
+ labels = {
+ "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"]
+ }
+
+ cluster_config {
+ master_config {
+ num_instances = var.dataproc_cluster["config"]["master_config"]["num_instances"]
+ machine_type = var.dataproc_cluster["config"]["master_config"]["machine_type"]
+ disk_config {
+ boot_disk_type = var.dataproc_cluster["config"]["master_config"]["boot_disk_type"]
+ boot_disk_size_gb = var.dataproc_cluster["config"]["master_config"]["boot_disk_size_gb"]
+ }
+ }
+
+ worker_config {
+ num_instances = var.dataproc_cluster["config"]["worker_config"]["num_instances"]
+ machine_type = var.dataproc_cluster["config"]["worker_config"]["machine_type"]
+ disk_config {
+ boot_disk_size_gb = var.dataproc_cluster["config"]["worker_config"]["boot_disk_size_gb"]
+ num_local_ssds = var.dataproc_cluster["config"]["worker_config"]["num_local_ssds"]
+ }
+ }
+
+ # Override or set some custom properties
+ software_config {
+ override_properties = {
+ "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"]
+ }
+ }
+
+ gce_cluster_config {
+ network = google_compute_network.dataproc.self_link
+ tags = [var.dataproc_cluster["config"]["gce_cluster_config"]["tag"]]
+ }
+ }
+}
+
+resource "google_logging_folder_exclusion" "my-exclusion" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ name = var.folder_exclusion["name"]
+ folder = google_folder.inspec-gcp-folder.0.name
+
+ description = var.folder_exclusion["description"]
+
+ filter = var.folder_exclusion["filter"]
+}
+
+variable "project_exclusion" {
+ type = any
+}
+
+resource "google_logging_project_exclusion" "project-exclusion" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ name = var.project_exclusion["name"]
+ project = var.gcp_project_id
+
+ description = var.project_exclusion["description"]
+
+ filter = var.project_exclusion["filter"]
+}
+
+resource "google_filestore_instance" "instance" {
+ project = var.gcp_project_id
+ name = var.filestore_instance["name"]
+ zone = var.filestore_instance["zone"]
+ tier = var.filestore_instance["tier"]
+
+ file_shares {
+ capacity_gb = var.filestore_instance["fileshare_capacity_gb"]
+ name = var.filestore_instance["fileshare_name"]
+ }
+
+ networks {
+ network = var.filestore_instance["network_name"]
+ modes = [var.filestore_instance["network_mode"]]
+ }
+}
+
+resource "google_logging_folder_sink" "folder-sink" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ name = var.folder_sink.name
+ folder = google_folder.inspec-gcp-folder.0.name
+
+ destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
+
+ filter = var.folder_sink.filter
+}
+
+resource "google_runtimeconfig_config" "inspec-runtime-config" {
+ project = var.gcp_project_id
+ name = var.runtimeconfig_config["name"]
+ description = var.runtimeconfig_config["description"]
+}
+
+resource "google_runtimeconfig_variable" "inspec-runtime-variable" {
+ project = var.gcp_project_id
+ parent = google_runtimeconfig_config.inspec-runtime-config.name
+ name = var.runtimeconfig_variable["name"]
+ text = var.runtimeconfig_variable["text"]
+}
+
+resource "google_redis_instance" "inspec-redis" {
+ project = var.gcp_project_id
+ name = var.redis["name"]
+ tier = var.redis["tier"]
+ memory_size_gb = var.redis["memory_size_gb"]
+
+ location_id = var.redis["location_id"]
+ alternative_location_id = var.redis["alternative_location_id"]
+
+ redis_version = var.redis["redis_version"]
+ display_name = var.redis["display_name"]
+ reserved_ip_range = var.redis["reserved_ip_range"]
+
+ labels = {
+ "${var.redis["label_key"]}" = var.redis["label_value"]
+ }
+}
+
+resource "google_compute_network_endpoint_group" "inspec-endpoint-group" {
+ project = var.gcp_project_id
+ name = var.network_endpoint_group["name"]
+ network = google_compute_subnetwork.inspec-gcp-subnetwork.network
+ subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link
+ default_port = var.network_endpoint_group["default_port"]
+ zone = var.gcp_zone
+}
+
+data "google_compute_node_types" "zone-node-type" {
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+}
+
+resource "google_compute_node_template" "inspec-template" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+
+ name = var.node_template["name"]
+ node_type = data.google_compute_node_types.zone-node-type.names[0]
+
+ node_affinity_labels = {
+ "${var.node_template["label_key"]}" = var.node_template["label_value"]
+ }
+}
+
+resource "google_compute_node_group" "inspec-node-group" {
+ project = var.gcp_project_id
+ name = var.node_group["name"]
+ zone = var.gcp_zone
+ description = var.node_group["description"]
+
+ size = var.node_group["size"]
+ node_template = google_compute_node_template.inspec-template.self_link
+}
+
+resource "google_compute_router_nat" "inspec-nat" {
+ project = var.gcp_project_id
+ name = var.router_nat["name"]
+ router = google_compute_router.gcp-inspec-router.name
+ region = google_compute_router.gcp-inspec-router.region
+ nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"]
+ source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"]
+ min_ports_per_vm = var.router_nat["min_ports_per_vm"]
+
+ log_config {
+ enable = var.router_nat["log_config_enable"]
+ filter = var.router_nat["log_config_filter"]
+ }
+}
+
+resource "google_project_service" "project" {
+ project = var.gcp_project_id
+ service = var.service["name"]
+}
+
+resource "google_service_account" "spanner_service_account" {
+ project = var.gcp_project_id
+ account_id = "${var.gcp_service_account_display_name}-sp"
+ display_name = "${var.gcp_service_account_display_name}-sp"
+}
+
+resource "google_service_account_key" "userkey" {
+ service_account_id = google_service_account.spanner_service_account.name
+ public_key_type = "TYPE_X509_PEM_FILE"
+}
+
+resource "google_spanner_instance" "spanner_instance" {
+ project = var.gcp_project_id
+ config = var.spannerinstance["config"]
+ name = var.spannerinstance["name"]
+ display_name = var.spannerinstance["display_name"]
+ num_nodes = var.spannerinstance["num_nodes"]
+ labels = {
+ "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"]
+ }
+}
+
+resource "google_spanner_instance_iam_binding" "instance" {
+ project = var.gcp_project_id
+ instance = google_spanner_instance.spanner_instance.name
+ role = "roles/editor"
+
+ members = [
+ "serviceAccount:${google_service_account.spanner_service_account.email}",
+ ]
+}
+
+resource "google_spanner_database" "database" {
+ project = var.gcp_project_id
+ instance = google_spanner_instance.spanner_instance.name
+ name = var.spannerdatabase["name"]
+ ddl = [var.spannerdatabase["ddl"]]
+}
+
+resource "google_cloud_scheduler_job" "job" {
+ project = var.gcp_project_id
+ region = var.scheduler_job["region"]
+ name = var.scheduler_job["name"]
+ description = var.scheduler_job["description"]
+ schedule = var.scheduler_job["schedule"]
+ time_zone = var.scheduler_job["time_zone"]
+
+ http_target {
+ http_method = var.scheduler_job["http_method"]
+ uri = var.scheduler_job["http_target_uri"]
+ }
+}
+
+variable "service_perimeter" {
+ type = any
+}
+
+resource "google_access_context_manager_service_perimeter" "service-perimeter" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/servicePerimeters/${var.service_perimeter["name"]}"
+ title = var.service_perimeter["title"]
+ status {
+ restricted_services = [var.service_perimeter["restricted_service"]]
+ }
+}
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ parent = "organizations/${var.gcp_organization_id}"
+ title = var.service_perimeter["policy_title"]
+}
+
+resource "google_access_context_manager_access_level" "access-level" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock"
+ title = "os_lock"
+ basic {
+ conditions {
+ device_policy {
+ require_screen_lock = true
+ }
+ regions = [
+ "CH",
+ "IT",
+ "US",
+ ]
+ }
+ }
+}
+
+variable "firewall" {
+ type = any
+}
+
+resource "google_compute_firewall" "mm-firewall" {
+ project = var.gcp_project_id
+ name = var.firewall["name"]
+ enable_logging = true
+ network = google_compute_network.inspec-gcp-network.name
+
+ allow {
+ protocol = "tcp"
+ ports = ["80", "8080", "1000-2000"]
+ }
+
+ source_tags = [var.firewall["source_tag"]]
+}
+
+variable "address" {
+ type = any
+}
+
+resource "google_compute_address" "internal_with_subnet_and_address" {
+ project = var.gcp_project_id
+ name = var.address["name"]
+ subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link
+ address_type = var.address["address_type"]
+ address = var.address["address"]
+ region = var.gcp_location
+}
+
+variable "instance_group" {
+ type = any
+}
+
+resource "google_compute_instance_group" "inspec-instance-group" {
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+ name = var.instance_group["name"]
+ description = var.instance_group["description"]
+
+ named_port {
+ name = var.instance_group["named_port_name"]
+ port = var.instance_group["named_port_port"]
+ }
+}
+
+variable "instance" {
+ type = any
+}
+
+resource "google_compute_instance" "inspec-instance" {
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+ name = var.instance["name"]
+ machine_type = var.instance["machine_type"]
+
+ tags = [var.instance["tag_1"], var.instance["tag_2"]]
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-9"
+ }
+ }
+
+ network_interface {
+ network = "default"
+
+ access_config {
+ // Ephemeral IP
+ }
+ }
+
+ metadata = {
+ "${var.instance["metadata_key"]}" = var.instance["metadata_value"]
+ }
+
+ metadata_startup_script = var.instance["startup_script"]
+
+ service_account {
+ scopes = [var.instance["sa_scope"]]
+ }
+}
+
+variable "network" {
+ type = any
+}
+
+resource "google_compute_network" "inspec-network" {
+ project = var.gcp_project_id
+ name = var.network["name"]
+ routing_mode = var.network["routing_mode"]
+}
+
+variable "subnetwork" {
+ type = any
+}
+
+resource "google_compute_subnetwork" "subnet-with-logging" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.subnetwork["name"]
+ ip_cidr_range = var.subnetwork["ip_cidr_range"]
+ network = google_compute_network.inspec-network.self_link
+
+ log_config {
+ aggregation_interval = var.subnetwork["log_interval"]
+ flow_sampling = var.subnetwork["log_sampling"]
+ metadata = var.subnetwork["log_metadata"]
+ }
+}
+
+variable "rigm" {
+ type = any
+}
+
 variable "sql_connect" { type = any }
-#
-#resource "google_compute_region_instance_group_manager" "inspec-rigm" {
-# project = var.gcp_project_id
-# region = var.gcp_location
-# name = var.rigm["name"]
-#
-# base_instance_name = var.rigm["base_instance_name"]
-#
-# version {
-# instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link
-# }
-#
-# target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link]
-# target_size = var.rigm["target_size"]
-#
-# named_port {
-# name = var.rigm["named_port_name"]
-# port = var.rigm["named_port_port"]
-# }
-#
-# auto_healing_policies {
-# health_check = google_compute_health_check.gcp-inspec-health-check.self_link
-# initial_delay_sec = var.rigm["healing_delay"]
-# }
-#}
-#
-#variable "vpn_tunnel" {
-# type = any
-#}
-#
-#resource "google_compute_vpn_tunnel" "tunnel1" {
-# project = var.gcp_project_id
-# name = var.vpn_tunnel["name"]
-# peer_ip = var.vpn_tunnel["peer_ip"]
-# shared_secret = var.vpn_tunnel["shared_secret"]
-#
-# remote_traffic_selector = ["0.0.0.0/0"]
-# local_traffic_selector = ["0.0.0.0/0"]
-# target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
-#
-# depends_on = [
-# google_compute_forwarding_rule.inspec-gcp-fr-esp,
-# google_compute_forwarding_rule.inspec-gcp-fr-udp500,
-# google_compute_forwarding_rule.inspec-gcp-fr-udp4500,
-# ]
-#}
-#
-#variable "alert_policy" {
-# type = any
-#}
-#
-#resource "google_monitoring_alert_policy" "alert_policy" {
-# project = var.gcp_project_id
-# display_name = var.alert_policy["display_name"]
-# combiner = var.alert_policy["combiner"]
-# conditions {
-# display_name = var.alert_policy["condition_display_name"]
-# condition_threshold {
-# filter = var.alert_policy["condition_filter"]
-# duration = var.alert_policy["condition_duration"]
-# comparison = var.alert_policy["condition_comparison"]
-# aggregations {
-# alignment_period = "60s"
-# per_series_aligner = "ALIGN_RATE"
-# }
-# }
-# }
-#}
-#
-#variable "dns_managed_zone" {
-# type = any
-#}
-#
-#variable "gcp_dns_zone_name" {}
-#
-#resource "google_dns_managed_zone" "example-zone" {
-# project = var.gcp_project_id
-# name = var.dns_managed_zone["name"]
-# dns_name = "${var.gcp_dns_zone_name}"
-# description = var.dns_managed_zone["description"]
-# dnssec_config {
-# state = var.dns_managed_zone["dnssec_config_state"]
-# default_key_specs {
-# algorithm = "rsasha256"
-# key_type = "zoneSigning"
-# key_length = 2048
-# }
-# default_key_specs {
-# algorithm = "rsasha512"
-# key_type = "keySigning"
-# key_length = 2048
-# }
-# }
-#}
-#
-#variable "logging_metric" {
-# type = any
-#}
-#
-#resource "google_logging_metric" "logging_metric" {
-# project = var.gcp_project_id
-# name = var.logging_metric["name"]
-# filter = var.logging_metric["filter"]
-# metric_descriptor {
-# metric_kind = var.logging_metric["metric_kind"]
-# value_type = var.logging_metric["value_type"]
-# }
-#}
-#
-#variable "compute_image" {
-# type = any
-#}
-#
-#resource "google_compute_image" "example" {
-# project = var.gcp_project_id
-# name = var.compute_image["name"]
-#
-# raw_disk {
-# source = var.compute_image["source"]
-# }
-#}
-#
-#variable "gcp_organization_iam_custom_role_id" {}
-#
-#resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# org_id = var.gcp_organization_id
-# role_id = var.gcp_organization_iam_custom_role_id
-# title = "GCP Inspec Generic Organization IAM Custom Role"
-# description = "Custom role allowing to list IAM roles only"
-# permissions = ["iam.roles.list"]
-#}
-#
-#variable "security_policy" {
-# type = any
-#}
-#
-#resource "google_compute_security_policy" "policy" {
-# project = var.gcp_project_id
-# name = var.security_policy["name"]
-#
-# rule {
-# action = var.security_policy["action"]
-# priority = var.security_policy["priority"]
-# match {
-# versioned_expr = "SRC_IPS_V1"
-# config {
-# src_ip_ranges = [var.security_policy["ip_range"]]
-# }
-# }
-# description = var.security_policy["description"]
-# }
-#
-# rule {
-# action = "allow"
-# priority = "2147483647"
-# match {
-# versioned_expr = "SRC_IPS_V1"
-# config {
-# src_ip_ranges = ["*"]
-# }
-# }
-# description = "default rule"
-# }
-#}
-#
-#variable "memcache_instance" {
-# type = any
-#}
-#
-#resource "google_compute_network" "memcache_network" {
-# provider = google-beta
-# project = var.gcp_project_id
-# name = "inspec-gcp-memcache"
-#}
-#
-#resource "google_compute_global_address" "service_range" {
-# provider = google-beta
-# project = var.gcp_project_id
-# name = "inspec-gcp-memcache"
-# purpose = "VPC_PEERING"
-# address_type = "INTERNAL"
-# prefix_length = 16
-# network = google_compute_network.memcache_network.id
-#}
-#
-#resource "google_service_networking_connection" "private_service_connection" {
-# provider = google-beta
-# network = google_compute_network.memcache_network.id
-# service = "servicenetworking.googleapis.com"
-# reserved_peering_ranges = [google_compute_global_address.service_range.name]
-#}
-#
-#resource "google_memcache_instance" "instance" {
-# provider = google-beta
-# name = var.memcache_instance["name"]
-# project = var.gcp_project_id
-# region = var.gcp_location
-# authorized_network = google_service_networking_connection.private_service_connection.network
-#
-# node_config {
-# cpu_count = 1
-# memory_size_mb = 1024
-# }
-# node_count = 1
-#}
-#
-#resource "google_compute_interconnect_attachment" "on_prem" {
-# name = "on-prem-attachment"
-# edge_availability_domain = "AVAILABILITY_DOMAIN_1"
-# type = "PARTNER"
-# router = google_compute_router.gcp-inspec-router.id
-# mtu = 1500
-#}
-#
+
+resource "google_compute_region_instance_group_manager" "inspec-rigm" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.rigm["name"]
+
+ base_instance_name = var.rigm["base_instance_name"]
+
+ version {
+ instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link
+ }
+
+ target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link]
+ target_size = var.rigm["target_size"]
+
+ named_port {
+ name = var.rigm["named_port_name"]
+ port = var.rigm["named_port_port"]
+ }
+
+ auto_healing_policies {
+ health_check = google_compute_health_check.gcp-inspec-health-check.self_link
+ initial_delay_sec = var.rigm["healing_delay"]
+ }
+}
+
+variable "vpn_tunnel" {
+ type = any
+}
+
+resource "google_compute_vpn_tunnel" "tunnel1" {
+ project = var.gcp_project_id
+ name = var.vpn_tunnel["name"]
+ peer_ip = var.vpn_tunnel["peer_ip"]
+ shared_secret = var.vpn_tunnel["shared_secret"]
+
+ remote_traffic_selector = ["0.0.0.0/0"]
+ local_traffic_selector = ["0.0.0.0/0"]
+ target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
+
+ depends_on = [
+ google_compute_forwarding_rule.inspec-gcp-fr-esp,
+ google_compute_forwarding_rule.inspec-gcp-fr-udp500,
+ google_compute_forwarding_rule.inspec-gcp-fr-udp4500,
+ ]
+}
+
+variable "alert_policy" {
+ type = any
+}
+
+resource "google_monitoring_alert_policy" "alert_policy" {
+ project = var.gcp_project_id
+ display_name = var.alert_policy["display_name"]
+ combiner = var.alert_policy["combiner"]
+ conditions {
+ display_name = var.alert_policy["condition_display_name"]
+ condition_threshold {
+ filter = var.alert_policy["condition_filter"]
+ duration = var.alert_policy["condition_duration"]
+ comparison = var.alert_policy["condition_comparison"]
+ aggregations {
+ alignment_period = "60s"
+ per_series_aligner = "ALIGN_RATE"
+ }
+ }
+ }
+}
+
+variable "dns_managed_zone" {
+ type = any
+}
+
+variable "gcp_dns_zone_name" {}
+
+resource "google_dns_managed_zone" "example-zone" {
+ project = var.gcp_project_id
+ name = var.dns_managed_zone["name"]
+ dns_name = "${var.gcp_dns_zone_name}"
+ description = var.dns_managed_zone["description"]
+ dnssec_config {
+ state = var.dns_managed_zone["dnssec_config_state"]
+ default_key_specs {
+ algorithm = "rsasha256"
+ key_type = "zoneSigning"
+ key_length = 2048
+ }
+ default_key_specs {
+ algorithm = "rsasha512"
+ key_type = "keySigning"
+ key_length = 2048
+ }
+ }
+}
+
+variable "logging_metric" {
+ type = any
+}
+
+resource "google_logging_metric" "logging_metric" {
+ project = var.gcp_project_id
+ name = var.logging_metric["name"]
+ filter = var.logging_metric["filter"]
+ metric_descriptor {
+ metric_kind = var.logging_metric["metric_kind"]
+ value_type = var.logging_metric["value_type"]
+ }
+}
+
+variable "compute_image" {
+ type = any
+}
+
+resource "google_compute_image" "example" {
+ project = var.gcp_project_id
+ name = var.compute_image["name"]
+
+ raw_disk {
+ source = var.compute_image["source"]
+ }
+}
+
+variable "gcp_organization_iam_custom_role_id" {}
+
+resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ org_id = var.gcp_organization_id
+ role_id = var.gcp_organization_iam_custom_role_id
+ title = "GCP Inspec Generic Organization IAM Custom Role"
+ description = "Custom role allowing to list IAM roles only"
+ permissions = ["iam.roles.list"]
+}
+
+variable "security_policy" {
+ type = any
+}
+
+resource "google_compute_security_policy" "policy" {
+ project = var.gcp_project_id
+ name = var.security_policy["name"]
+
+ rule {
+ action = var.security_policy["action"]
+ priority = var.security_policy["priority"]
+ match {
+ versioned_expr = "SRC_IPS_V1"
+ config {
+ src_ip_ranges = [var.security_policy["ip_range"]]
+ }
+ }
+ description = var.security_policy["description"]
+ }
+
+ rule {
+ action = "allow"
+ priority = "2147483647"
+ match {
+ versioned_expr = "SRC_IPS_V1"
+ config {
+ src_ip_ranges = ["*"]
+ }
+ }
+ description = "default rule"
+ }
+}
+
+variable "memcache_instance" {
+ type = any
+}
+
+resource "google_compute_network" "memcache_network" {
+ provider = google-beta
+ project = var.gcp_project_id
+ name = "inspec-gcp-memcache"
+}
+
+resource "google_compute_global_address" "service_range" {
+ provider = google-beta
+ project = var.gcp_project_id
+ name = "inspec-gcp-memcache"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.memcache_network.id
+}
+
+resource "google_service_networking_connection" "private_service_connection" {
+ provider = google-beta
+ network = google_compute_network.memcache_network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.service_range.name]
+}
+
+resource "google_memcache_instance" "instance" {
+ provider = google-beta
+ name = var.memcache_instance["name"]
+ project = var.gcp_project_id
+ region = var.gcp_location
+ authorized_network = google_service_networking_connection.private_service_connection.network
+
+ node_config {
+ cpu_count = 1
+ memory_size_mb = 1024
+ }
+ node_count = 1
+}
+
+resource "google_compute_interconnect_attachment" "on_prem" {
+ name = "on-prem-attachment"
+ edge_availability_domain = "AVAILABILITY_DOMAIN_1"
+ type = "PARTNER"
+ router = google_compute_router.gcp-inspec-router.id
+ mtu = 1500
+}
+
 resource "google_sql_ssl_cert" "client_cert" {
 common_name = var.sql_connect["common_name"]
 instance = var.gcp_db_instance_name
@@ -1344,4 +1344,4 @@ resource "google_data_loss_prevention_stored_info_type" "basic" {
 pattern = "patient"
 group_indexes = [2]
 }
-}
\ No newline at end of file
+}
diff --git a/build/inspec/test/integration/build/gcp-mm.tf b/build/inspec/test/integration/build/gcp-mm.tf
index 53de3d66a..fa2bd84fc 100644
--- a/build/inspec/test/integration/build/gcp-mm.tf
+++ b/build/inspec/test/integration/build/gcp-mm.tf
@@ -1,1335 +1,1335 @@
-#variable "ssl_policy" {
-# type = any
-#}
-#
-#variable "topic" {
-# type = any
-#}
-#
-#variable "subscription" {
-# type = any
-#}
-#
-#variable "managed_zone" {
-# type = any
-#}
-#
-#variable "record_set" {
-# type = any
-#}
-#
-#variable "instance_group_manager" {
-# type = any
-#}
-#
-#variable "autoscaler" {
-# type = any
-#}
-#
-#variable "target_pool" {
-# type = any
-#}
-#
-#variable "trigger" {
-# type = any
-#}
-#
-#variable "health_check" {
-# type = any
-#}
-#
-#variable "backend_service" {
-# type = any
-#}
-#
-#variable "http_health_check" {
-# type = any
-#}
-#
-#variable "https_health_check" {
-# type = any
-#}
-#
-#variable "instance_template" {
-# type = any
-#}
-#
-#variable "global_address" {
-# type = any
-#}
-#
-#variable "url_map" {
-# type = any
-#}
-#
-#variable "http_proxy" {
-# type = any
-#}
-#
-#variable "global_forwarding_rule" {
-# type = any
-#}
-#
-#variable "target_tcp_proxy" {
-# type = any
-#}
-#
-#variable "route" {
-# type = any
-#}
-#
-#variable "router" {
-# type = any
-#}
-#
-#variable "snapshot" {
-# type = any
-#}
-#
-#variable "https_proxy" {
-# type = any
-#}
-#
-#variable "ssl_certificate" {
-# type = any
-#}
-#
-#variable "dataset" {
-# type = any
-#}
-#
-#variable "bigquery_table" {
-# type = any
-#}
-#
-#variable "repository" {
-# type = any
-#}
-#
-#variable "folder" {
-# type = any
-#}
-#
-#variable "gcp_organization_id" {
-# type = string
-# default = "none"
-#}
-#
-#variable "cloudfunction" {
-# type = any
-#}
-#
-#variable "backend_bucket" {
-# type = any
-#}
-#
-#variable "gcp_cloud_function_region" {}
-#
-#variable "regional_node_pool" {
-# type = any
-#}
-#
-#variable "region_backend_service_health_check" {
-# type = any
-#}
-#
-#variable "region_backend_service" {
-# type = any
-#}
-#
-#variable "org_sink" {
-# type = any
-#}
-#
-#variable "standardappversion" {
-# type = any
-#}
-#
-#variable "ml_model" {
-# type = any
-#}
-#
-#variable "dataproc_cluster" {
-# type = any
-#}
-#
-#variable "folder_exclusion" {
-# type = any
-#}
-#
-#variable "filestore_instance" {
-# type = any
-#}
-#
-#variable "folder_sink" {
-# type = any
-#}
-#
-#variable "runtimeconfig_config" {
-# type = any
-#}
-#
-#variable "runtimeconfig_variable" {
-# type = any
-#}
-#
-#variable "redis" {
-# type = any
-#}
-#
-#variable "network_endpoint_group" {
-# type = any
-#}
-#
-#variable "node_template" {
-# type = any
-#}
-#
-#variable "node_group" {
-# type = any
-#}
-#
-#variable "router_nat" {
-# type = any
-#}
-#
-#variable "service" {
-# type = any
-#}
-#
-#variable "spannerinstance" {
-# type = any
-#}
-#
-#variable "spannerdatabase" {
-# type = any
-#}
-#
-#variable "scheduler_job" {
-# type = any
-#}
-#
-#
-#resource "google_compute_ssl_policy" "custom-ssl-policy" {
-# name = var.ssl_policy["name"]
-# min_tls_version = var.ssl_policy["min_tls_version"]
-# profile = var.ssl_policy["profile"]
-# custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]]
-# project = var.gcp_project_id
-#}
-#
-#resource "google_pubsub_topic" "topic" {
-# project = var.gcp_project_id
-# name = var.topic["name"]
-#}
-#
-#resource "google_pubsub_subscription" "default" {
-# project = var.gcp_project_id
-# name = var.subscription["name"]
-# topic = google_pubsub_topic.topic.name
-# ack_deadline_seconds = var.subscription["ack_deadline_seconds"]
-#}
-#
-#resource "google_dns_managed_zone" "prod" {
-# name = var.managed_zone["name"]
-# dns_name = var.managed_zone["dns_name"]
-# description = var.managed_zone["description"]
-#
-# labels = {
-# key = var.managed_zone["label_value"]
-# }
-# project = var.gcp_project_id
-#}
-#
-#resource "google_dns_record_set" "a" {
-# name = var.record_set["name"]
-# managed_zone = google_dns_managed_zone.prod.name
-# type = var.record_set["type"]
-# ttl = var.record_set["ttl"]
-#
-# rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]]
-# project = var.gcp_project_id
-#}
-#
-#resource "google_compute_instance_group_manager" "gcp-inspec-igm" {
-# project = var.gcp_project_id
-# zone = var.gcp_zone
-# name = var.instance_group_manager["name"]
-# version {
-# instance_template = google_compute_instance_template.default.self_link
-# }
-# base_instance_name = var.instance_group_manager["base_instance_name"]
-# target_pools = []
-# target_size = 0
-# named_port {
-# name = var.instance_group_manager["named_port_name"]
-# port = var.instance_group_manager["named_port_port"]
-# }
-#}
-#
-#resource "google_compute_autoscaler" "gcp-inspec-autoscaler" {
-# project = var.gcp_project_id
-# name = var.autoscaler["name"]
-# zone = var.gcp_zone
-# target = google_compute_instance_group_manager.gcp-inspec-igm.self_link
-#
-# autoscaling_policy {
-# max_replicas = var.autoscaler["max_replicas"]
-# min_replicas = var.autoscaler["min_replicas"]
-# cooldown_period = var.autoscaler["cooldown_period"]
-#
-# cpu_utilization {
-# target = var.autoscaler["cpu_utilization_target"]
-# }
-# }
-#}
-#
-#resource "google_compute_target_pool" "gcp-inspec-target-pool" {
-# project = var.gcp_project_id
-# name = var.target_pool["name"]
-# session_affinity = var.target_pool["session_affinity"]
-#
-# instances = [
-# "${var.gcp_zone}/${var.gcp_ext_vm_name}",
-# ]
-#}
-#
-#resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" {
-# project = var.gcp_project_id
-# trigger_template {
-# branch_name = var.trigger["trigger_template_branch"]
-# project_id = var.trigger["trigger_template_project"]
-# repo_name = var.trigger["trigger_template_repo"]
-# }
-# filename = var.trigger["filename"]
-#}
-#
-#resource "google_compute_health_check" "gcp-inspec-health-check" {
-# project = var.gcp_project_id
-# name = var.health_check["name"]
-#
-# timeout_sec = var.health_check["timeout_sec"]
-# check_interval_sec = var.health_check["check_interval_sec"]
-#
-# tcp_health_check {
-# port = var.health_check["tcp_health_check_port"]
-# }
-#}
-#
-#resource "google_compute_backend_service" "gcp-inspec-backend-service" {
-# project = var.gcp_project_id
-# name = var.backend_service["name"]
-# description = var.backend_service["description"]
-# port_name = var.backend_service["port_name"]
-# protocol = var.backend_service["protocol"]
-# timeout_sec = var.backend_service["timeout_sec"]
-# enable_cdn = var.backend_service["enable_cdn"]
-#
-# backend {
-# group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group
-# }
-#
-# health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
-#}
-#
-#resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" {
-# project = var.gcp_project_id
-# name = var.region_backend_service_health_check["name"]
-#
-# timeout_sec = var.region_backend_service_health_check["timeout_sec"]
-# check_interval_sec = var.region_backend_service_health_check["check_interval_sec"]
-#
-# tcp_health_check {
-# port = var.region_backend_service_health_check["tcp_health_check_port"]
-# }
-#}
-#
-#resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" {
-# project = var.gcp_project_id
-# region = var.gcp_location
-# name = var.region_backend_service["name"]
-# description = var.region_backend_service["description"]
-# protocol = var.region_backend_service["protocol"]
-# timeout_sec = var.region_backend_service["timeout_sec"]
-#
-# health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link]
-#}
-#
-#resource "google_compute_http_health_check" "gcp-inspec-http-health-check" {
-# project = var.gcp_project_id
-# name = var.http_health_check["name"]
-# request_path = var.http_health_check["request_path"]
-#
-# timeout_sec = var.http_health_check["timeout_sec"]
-# check_interval_sec = var.http_health_check["check_interval_sec"]
-#}
-#
-#resource "google_compute_https_health_check" "gcp-inspec-https-health-check" {
-# project = var.gcp_project_id
-# name = var.https_health_check["name"]
-# request_path = var.https_health_check["request_path"]
-#
-# timeout_sec = var.https_health_check["timeout_sec"]
-# check_interval_sec = var.https_health_check["check_interval_sec"]
-# unhealthy_threshold = var.https_health_check["unhealthy_threshold"]
-#}
-#
-#resource "google_compute_instance_template" "gcp-inspec-instance-template" {
-# project = var.gcp_project_id
-# name = var.instance_template["name"]
-# description = var.instance_template["description"]
-#
-# tags = [var.instance_template["tag"]]
-#
-# instance_description = var.instance_template["instance_description"]
-# machine_type = var.instance_template["machine_type"]
-# can_ip_forward = var.instance_template["can_ip_forward"]
-#
-# scheduling {
-# automatic_restart = var.instance_template["scheduling_automatic_restart"]
-# on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"]
-# }
-#
-# // Create a new boot disk from an image
-# disk {
-# source_image = var.instance_template["disk_source_image"]
-# auto_delete = var.instance_template["disk_auto_delete"]
-# boot = var.instance_template["disk_boot"]
-# }
-#
-# network_interface {
-# network = var.instance_template["network_interface_network"]
-# }
-#
-# service_account {
-# scopes = [var.instance_template["service_account_scope"]]
-# }
-#}
-#
-#resource "google_compute_global_address" "gcp-inspec-global-address" {
-# project = var.gcp_project_id
-# name = var.global_address["name"]
-# ip_version = var.global_address["ip_version"]
-#}
-#
-#resource "google_compute_url_map" "gcp-inspec-url-map" {
-# project = var.gcp_project_id
-# name = var.url_map["name"]
-# description = var.url_map["description"]
-#
-# default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
-#
-# host_rule {
-# hosts = [var.url_map["host_rule_host"]]
-# path_matcher = var.url_map["path_matcher_name"]
-# }
-#
-# path_matcher {
-# name = var.url_map["path_matcher_name"]
-# default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
-#
-# path_rule {
-# paths = [var.url_map["path_rule_path"]]
-# service = google_compute_backend_service.gcp-inspec-backend-service.self_link
-# }
-# }
-#
-# test {
-# service = google_compute_backend_service.gcp-inspec-backend-service.self_link
-# host = var.url_map["test_host"]
-# path = var.url_map["test_path"]
-# }
-#}
-#
-#resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" {
-# project = var.gcp_project_id
-# name = var.http_proxy["name"]
-# url_map = google_compute_url_map.gcp-inspec-url-map.self_link
-# description = var.http_proxy["description"]
-#}
-#
-#resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" {
-# project = var.gcp_project_id
-# name = var.global_forwarding_rule["name"]
-# target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link
-# port_range = var.global_forwarding_rule["port_range"]
-#}
-#
-#resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" {
-# project = var.gcp_project_id
-# name = var.target_tcp_proxy["tcp_backend_service_name"]
-# protocol = "TCP"
-# timeout_sec = 10
-#
-# health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
-#}
-#
-#resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" {
-# project = var.gcp_project_id
-# name = var.target_tcp_proxy["name"]
-# proxy_header = var.target_tcp_proxy["proxy_header"]
-# backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link
-#}
-#
-#resource "google_compute_route" "gcp-inspec-route" {
-# project = var.gcp_project_id
-# name = var.route["name"]
-# dest_range = var.route["dest_range"]
-# network = google_compute_network.inspec-gcp-network.name
-# next_hop_ip = var.route["next_hop_ip"]
-# priority = var.route["priority"]
-# # google_compute_route depends on next_hop_ip belonging to a subnetwork
-# # of the named network in this block. Since inspec-gcp-network does not
-# # automatically create subnetworks, we need to create a dependency so
-# # the route is not created before the subnetwork
-# depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork]
-#}
-#
-#resource "google_compute_router" "gcp-inspec-router" {
-# project = var.gcp_project_id
-# name = var.router["name"]
-# network = google_compute_network.inspec-gcp-network.name
-# bgp {
-# asn = var.router["bgp_asn"]
-# advertise_mode = var.router["bgp_advertise_mode"]
-# advertised_groups = [var.router["bgp_advertised_group"]]
-# advertised_ip_ranges {
-# range = var.router["bgp_advertised_ip_range1"]
-# }
-# advertised_ip_ranges {
-# range = var.router["bgp_advertised_ip_range2"]
-# }
-# }
-#}
-#
-#resource "google_compute_disk" "snapshot-disk" {
-# project = var.gcp_project_id
-# name = var.snapshot["disk_name"]
-# type = var.snapshot["disk_type"]
-# zone = var.gcp_zone
-# image = var.snapshot["disk_image"]
-# labels = {
-# environment = "generic_compute_disk_label"
-# }
-#}
-#
-#resource "google_compute_snapshot" "gcp-inspec-snapshot" {
-# project = var.gcp_project_id
-# name = var.snapshot["name"]
-# source_disk = google_compute_disk.snapshot-disk.name
-# zone = var.gcp_zone
-#}
-#
-#resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" {
-# project = var.gcp_project_id
-# name = var.ssl_certificate["name"]
-# private_key = var.ssl_certificate["private_key"]
-# certificate = var.ssl_certificate["certificate"]
-# description = var.ssl_certificate["description"]
-#}
-#
-#resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" {
-# project = var.gcp_project_id
-# name = var.https_proxy["name"]
-# url_map = google_compute_url_map.gcp-inspec-url-map.self_link
-# description = var.https_proxy["description"]
-# ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link]
-#}
-#
-#resource "google_bigquery_dataset" "gcp-inspec-dataset" {
-# project = var.gcp_project_id
-# dataset_id = var.dataset["dataset_id"]
-# friendly_name = var.dataset["friendly_name"]
-# description = var.dataset["description"]
-# location = var.dataset["location"]
-# default_table_expiration_ms = var.dataset["default_table_expiration_ms"]
-#
-# access {
-# role = var.dataset["access_writer_role"]
-# special_group = var.dataset["access_writer_special_group"]
-# }
-#
-# access {
-# role = "OWNER"
-# special_group = "projectOwners"
-# }
-#}
-#
-#resource "google_bigquery_table" "gcp-inspec-bigquery-table" {
-# project = var.gcp_project_id
-# dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id
-# table_id = var.bigquery_table["table_id"]
-#
-# time_partitioning {
-# type = var.bigquery_table["time_partitioning_type"]
-# }
-#
-# description = var.bigquery_table["description"]
-# expiration_time = var.bigquery_table["expiration_time"]
-#}
-#
-#resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" {
-# project = var.gcp_project_id
-# name = var.repository["name"]
-#}
-#
-#resource "google_folder" "inspec-gcp-folder" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# display_name = var.folder["display_name"]
-# parent = "organizations/${var.gcp_organization_id}"
-#}
-#
-#resource "google_storage_bucket_object" "archive" {
-# name = "index.js.zip"
-# bucket = google_storage_bucket.generic-storage-bucket.name
-# source = "../configuration/index.js.zip"
-#}
-#
-#resource "google_cloudfunctions_function" "function" {
-# project = var.gcp_project_id
-# region = var.gcp_cloud_function_region
-# name = var.cloudfunction["name"]
-# description = var.cloudfunction["description"]
-# available_memory_mb = var.cloudfunction["available_memory_mb"]
-# source_archive_bucket = google_storage_bucket.generic-storage-bucket.name
-# source_archive_object = google_storage_bucket_object.archive.name
-# trigger_http = var.cloudfunction["trigger_http"]
-# timeout = var.cloudfunction["timeout"]
-# entry_point = var.cloudfunction["entry_point"]
-# runtime = "nodejs8"
-#
-# environment_variables = {
-# MY_ENV_VAR = var.cloudfunction["env_var_value"]
-# }
-#}
-#
-#resource "google_compute_backend_bucket" "image_backend" {
-# project = var.gcp_project_id
-# name = var.backend_bucket["name"]
-# description = var.backend_bucket["description"]
-# bucket_name = google_storage_bucket.generic-storage-bucket.name
-# enable_cdn = var.backend_bucket["enable_cdn"]
-#}
-#
-#resource "google_container_node_pool" "inspec-gcp-node-pool" {
-# project = var.gcp_project_id
-# name = var.regional_node_pool["name"]
-# location = google_container_cluster.primary.location
-# cluster = google_container_cluster.primary.name
-# node_count = var.regional_node_pool["node_count"]
-#}
-#
-#resource "google_logging_organization_sink" "my-sink" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# name = var.org_sink.name
-# org_id = var.gcp_organization_id
-#
-# # Can export to pubsub, cloud storage, or bigquery
-# destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
-#
-# # Log all WARN or higher severity messages relating to instances
-# filter = var.org_sink.filter
-#}
-#
-#variable "project_sink" {
-# type = any
-#}
-#
-#resource "google_logging_project_sink" "project-logging-sink" {
-# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
-# project = var.gcp_project_id
-#
-# name = var.project_sink.name
-# destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}"
-#
-# filter = var.project_sink.filter
-#
-# unique_writer_identity = true
-#}
-#
-#resource "google_storage_bucket" "bucket" {
-# name = "inspec-gcp-static-${var.gcp_project_id}"
-# project = var.gcp_project_id
-# location = var.gcp_location
-# force_destroy = true
-#
-# labels = {
-# "key" = "value"
-# }
-#
-# retention_policy {
-# retention_period = 1000
-# }
-#}
-#
-#resource "google_storage_bucket_object" "object" {
-# name = "hello-world.zip"
-# bucket = google_storage_bucket.bucket.name
-# source = "../configuration/hello-world.zip"
-#}
-#
-#resource "google_app_engine_standard_app_version" "default" {
-# count = "${var.gcp_organization_id == "" ?
0 : var.gcp_enable_privileged_resources}" -# project = var.gcp_project_id -# version_id = var.standardappversion["version_id"] -# service = var.standardappversion["service"] -# runtime = var.standardappversion["runtime"] -# noop_on_destroy = true -# entrypoint { -# shell = var.standardappversion["entrypoint"] -# } -# -# deployment { -# zip { -# source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" -# } -# } -# -# env_variables = { -# port = var.standardappversion["port"] -# } -#} -# -#resource "google_ml_engine_model" "inspec-gcp-model" { -# project = var.gcp_project_id -# name = var.ml_model["name"] -# description = var.ml_model["description"] -# regions = [var.ml_model["region"]] -# online_prediction_logging = var.ml_model["online_prediction_logging"] -# online_prediction_console_logging = var.ml_model["online_prediction_console_logging"] -#} -# -#resource "google_compute_firewall" "dataproc" { -# project = var.gcp_project_id -# name = "dataproc-firewall" -# network = google_compute_network.dataproc.name -# -# source_ranges = ["10.128.0.0/9"] -# allow { -# protocol = "icmp" -# } -# -# allow { -# protocol = "tcp" -# ports = ["0-65535"] -# } -# allow { -# protocol = "udp" -# ports = ["0-65535"] -# } -#} -# -#resource "google_compute_network" "dataproc" { -# project = var.gcp_project_id -# name = "dataproc-network" -#} -# -#resource "google_dataproc_cluster" "mycluster" { -# project = var.gcp_project_id -# region = var.gcp_location -# name = var.dataproc_cluster["name"] -# -# labels = { -# "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"] -# } -# -# cluster_config { -# master_config { -# num_instances = var.dataproc_cluster["config"]["master_config"]["num_instances"] -# machine_type = var.dataproc_cluster["config"]["master_config"]["machine_type"] -# disk_config { -# boot_disk_type = var.dataproc_cluster["config"]["master_config"]["boot_disk_type"] -# boot_disk_size_gb = 
var.dataproc_cluster["config"]["master_config"]["boot_disk_size_gb"] -# } -# } -# -# worker_config { -# num_instances = var.dataproc_cluster["config"]["worker_config"]["num_instances"] -# machine_type = var.dataproc_cluster["config"]["worker_config"]["machine_type"] -# disk_config { -# boot_disk_size_gb = var.dataproc_cluster["config"]["worker_config"]["boot_disk_size_gb"] -# num_local_ssds = var.dataproc_cluster["config"]["worker_config"]["num_local_ssds"] -# } -# } -# -# # Override or set some custom properties -# software_config { -# override_properties = { -# "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"] -# } -# } -# -# gce_cluster_config { -# network = google_compute_network.dataproc.self_link -# tags = [var.dataproc_cluster["config"]["gce_cluster_config"]["tag"]] -# } -# } -#} -# -#resource "google_logging_folder_exclusion" "my-exclusion" { -# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" -# name = var.folder_exclusion["name"] -# folder = google_folder.inspec-gcp-folder.0.name -# -# description = var.folder_exclusion["description"] -# -# filter = var.folder_exclusion["filter"] -#} -# -#variable "project_exclusion" { -# type = any -#} -# -#resource "google_logging_project_exclusion" "project-exclusion" { -# count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" -# name = var.project_exclusion["name"] -# project = var.gcp_project_id -# -# description = var.project_exclusion["description"] -# -# filter = var.project_exclusion["filter"] -#} -# -#resource "google_filestore_instance" "instance" { -# project = var.gcp_project_id -# name = var.filestore_instance["name"] -# zone = var.filestore_instance["zone"] -# tier = var.filestore_instance["tier"] -# -# file_shares { -# capacity_gb = var.filestore_instance["fileshare_capacity_gb"] -# name = var.filestore_instance["fileshare_name"] -# } -# -# networks { -# network = var.filestore_instance["network_name"] -# modes = [var.filestore_instance["network_mode"]] -# } -#} -# -#resource "google_logging_folder_sink" "folder-sink" { -# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" -# name = var.folder_sink.name -# folder = google_folder.inspec-gcp-folder.0.name -# -# destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" -# -# filter = var.folder_sink.filter -#} -# -#resource "google_runtimeconfig_config" "inspec-runtime-config" { -# project = var.gcp_project_id -# name = var.runtimeconfig_config["name"] -# description = var.runtimeconfig_config["description"] -#} -# -#resource "google_runtimeconfig_variable" "inspec-runtime-variable" { -# project = var.gcp_project_id -# parent = google_runtimeconfig_config.inspec-runtime-config.name -# name = var.runtimeconfig_variable["name"] -# text = var.runtimeconfig_variable["text"] -#} -# -#resource "google_redis_instance" "inspec-redis" { -# project = var.gcp_project_id -# name = var.redis["name"] -# tier = var.redis["tier"] -# memory_size_gb = var.redis["memory_size_gb"] -# -# location_id = var.redis["location_id"] -# alternative_location_id = var.redis["alternative_location_id"] -# -# redis_version = var.redis["redis_version"] -# display_name = var.redis["display_name"] -# reserved_ip_range = var.redis["reserved_ip_range"] -# -# 
labels = { -# "${var.redis["label_key"]}" = var.redis["label_value"] -# } -#} -# -#resource "google_compute_network_endpoint_group" "inspec-endpoint-group" { -# project = var.gcp_project_id -# name = var.network_endpoint_group["name"] -# network = google_compute_subnetwork.inspec-gcp-subnetwork.network -# subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link -# default_port = var.network_endpoint_group["default_port"] -# zone = var.gcp_zone -#} -# -#data "google_compute_node_types" "zone-node-type" { -# project = var.gcp_project_id -# zone = var.gcp_zone -#} -# -#resource "google_compute_node_template" "inspec-template" { -# project = var.gcp_project_id -# region = var.gcp_location -# -# name = var.node_template["name"] -# node_type = data.google_compute_node_types.zone-node-type.names[0] -# -# node_affinity_labels = { -# "${var.node_template["label_key"]}" = var.node_template["label_value"] -# } -#} -# -#resource "google_compute_node_group" "inspec-node-group" { -# project = var.gcp_project_id -# name = var.node_group["name"] -# zone = var.gcp_zone -# description = var.node_group["description"] -# -# size = var.node_group["size"] -# node_template = google_compute_node_template.inspec-template.self_link -#} -# -#resource "google_compute_router_nat" "inspec-nat" { -# project = var.gcp_project_id -# name = var.router_nat["name"] -# router = google_compute_router.gcp-inspec-router.name -# region = google_compute_router.gcp-inspec-router.region -# nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"] -# source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"] -# min_ports_per_vm = var.router_nat["min_ports_per_vm"] -# -# log_config { -# enable = var.router_nat["log_config_enable"] -# filter = var.router_nat["log_config_filter"] -# } -#} -# -#resource "google_project_service" "project" { -# project = var.gcp_project_id -# service = var.service["name"] -#} -# -#resource "google_service_account" 
"spanner_service_account" { -# project = var.gcp_project_id -# account_id = "${var.gcp_service_account_display_name}-sp" -# display_name = "${var.gcp_service_account_display_name}-sp" -#} -# -#resource "google_service_account_key" "userkey" { -# service_account_id = google_service_account.spanner_service_account.name -# public_key_type = "TYPE_X509_PEM_FILE" -#} -# -#resource "google_spanner_instance" "spanner_instance" { -# project = var.gcp_project_id -# config = var.spannerinstance["config"] -# name = var.spannerinstance["name"] -# display_name = var.spannerinstance["display_name"] -# num_nodes = var.spannerinstance["num_nodes"] -# labels = { -# "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"] -# } -#} -# -#resource "google_spanner_instance_iam_binding" "instance" { -# project = var.gcp_project_id -# instance = google_spanner_instance.spanner_instance.name -# role = "roles/editor" -# -# members = [ -# "serviceAccount:${google_service_account.spanner_service_account.email}", -# ] -#} -# -#resource "google_spanner_database" "database" { -# project = var.gcp_project_id -# instance = google_spanner_instance.spanner_instance.name -# name = var.spannerdatabase["name"] -# ddl = [var.spannerdatabase["ddl"]] -#} -# -#resource "google_cloud_scheduler_job" "job" { -# project = var.gcp_project_id -# region = var.scheduler_job["region"] -# name = var.scheduler_job["name"] -# description = var.scheduler_job["description"] -# schedule = var.scheduler_job["schedule"] -# time_zone = var.scheduler_job["time_zone"] -# -# http_target { -# http_method = var.scheduler_job["http_method"] -# uri = var.scheduler_job["http_target_uri"] -# } -#} -# -#variable "service_perimeter" { -# type = any -#} -# -#resource "google_access_context_manager_service_perimeter" "service-perimeter" { -# count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" -# parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" -# name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/servicePerimeters/${var.service_perimeter["name"]}" -# title = var.service_perimeter["title"] -# status { -# restricted_services = [var.service_perimeter["restricted_service"]] -# } -#} -# -#resource "google_access_context_manager_access_policy" "access-policy" { -# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" -# parent = "organizations/${var.gcp_organization_id}" -# title = var.service_perimeter["policy_title"] -#} -# -#resource "google_access_context_manager_access_level" "access-level" { -# count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" -# parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" -# name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock" -# title = "os_lock" -# basic { -# conditions { -# device_policy { -# require_screen_lock = true -# } -# regions = [ -# "CH", -# "IT", -# "US", -# ] -# } -# } -#} -# -#variable "firewall" { -# type = any -#} -# -#resource "google_compute_firewall" "mm-firewall" { -# project = var.gcp_project_id -# name = var.firewall["name"] -# enable_logging = true -# network = google_compute_network.inspec-gcp-network.name -# -# allow { -# protocol = "tcp" -# ports = ["80", "8080", "1000-2000"] -# } -# -# source_tags = [var.firewall["source_tag"]] -#} -# -#variable "address" { -# type = any -#} -# -#resource "google_compute_address" "internal_with_subnet_and_address" { -# project = var.gcp_project_id -# name = var.address["name"] -# subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link -# address_type = var.address["address_type"] -# address = var.address["address"] -# region = var.gcp_location -#} -# -#variable 
"instance_group" { -# type = any -#} -# -#resource "google_compute_instance_group" "inspec-instance-group" { -# project = var.gcp_project_id -# zone = var.gcp_zone -# name = var.instance_group["name"] -# description = var.instance_group["description"] -# -# named_port { -# name = var.instance_group["named_port_name"] -# port = var.instance_group["named_port_port"] -# } -#} -# -#variable "instance" { -# type = any -#} -# -#resource "google_compute_instance" "inspec-instance" { -# project = var.gcp_project_id -# zone = var.gcp_zone -# name = var.instance["name"] -# machine_type = var.instance["machine_type"] -# -# tags = [var.instance["tag_1"], var.instance["tag_2"]] -# -# boot_disk { -# initialize_params { -# image = "debian-cloud/debian-9" -# } -# } -# -# network_interface { -# network = "default" -# -# access_config { -# // Ephemeral IP -# } -# } -# -# metadata = { -# "${var.instance["metadata_key"]}" = var.instance["metadata_value"] -# } -# -# metadata_startup_script = var.instance["startup_script"] -# -# service_account { -# scopes = [var.instance["sa_scope"]] -# } -#} -# -#variable "network" { -# type = any -#} -# -#resource "google_compute_network" "inspec-network" { -# project = var.gcp_project_id -# name = var.network["name"] -# routing_mode = var.network["routing_mode"] -#} -# -#variable "subnetwork" { -# type = any -#} -# -#resource "google_compute_subnetwork" "subnet-with-logging" { -# project = var.gcp_project_id -# region = var.gcp_location -# name = var.subnetwork["name"] -# ip_cidr_range = var.subnetwork["ip_cidr_range"] -# network = google_compute_network.inspec-network.self_link -# -# log_config { -# aggregation_interval = var.subnetwork["log_interval"] -# flow_sampling = var.subnetwork["log_sampling"] -# metadata = var.subnetwork["log_metadata"] -# } -#} -# -#variable "rigm" { -# type = any -#} -# +variable "ssl_policy" { + type = any +} + +variable "topic" { + type = any +} + +variable "subscription" { + type = any +} + +variable "managed_zone" { 
+ type = any
+}
+
+variable "record_set" {
+ type = any
+}
+
+variable "instance_group_manager" {
+ type = any
+}
+
+variable "autoscaler" {
+ type = any
+}
+
+variable "target_pool" {
+ type = any
+}
+
+variable "trigger" {
+ type = any
+}
+
+variable "health_check" {
+ type = any
+}
+
+variable "backend_service" {
+ type = any
+}
+
+variable "http_health_check" {
+ type = any
+}
+
+variable "https_health_check" {
+ type = any
+}
+
+variable "instance_template" {
+ type = any
+}
+
+variable "global_address" {
+ type = any
+}
+
+variable "url_map" {
+ type = any
+}
+
+variable "http_proxy" {
+ type = any
+}
+
+variable "global_forwarding_rule" {
+ type = any
+}
+
+variable "target_tcp_proxy" {
+ type = any
+}
+
+variable "route" {
+ type = any
+}
+
+variable "router" {
+ type = any
+}
+
+variable "snapshot" {
+ type = any
+}
+
+variable "https_proxy" {
+ type = any
+}
+
+variable "ssl_certificate" {
+ type = any
+}
+
+variable "dataset" {
+ type = any
+}
+
+variable "bigquery_table" {
+ type = any
+}
+
+variable "repository" {
+ type = any
+}
+
+variable "folder" {
+ type = any
+}
+
+variable "gcp_organization_id" {
+ type = string
+ default = "none"
+}
+
+variable "cloudfunction" {
+ type = any
+}
+
+variable "backend_bucket" {
+ type = any
+}
+
+variable "gcp_cloud_function_region" {}
+
+variable "regional_node_pool" {
+ type = any
+}
+
+variable "region_backend_service_health_check" {
+ type = any
+}
+
+variable "region_backend_service" {
+ type = any
+}
+
+variable "org_sink" {
+ type = any
+}
+
+variable "standardappversion" {
+ type = any
+}
+
+variable "ml_model" {
+ type = any
+}
+
+variable "dataproc_cluster" {
+ type = any
+}
+
+variable "folder_exclusion" {
+ type = any
+}
+
+variable "filestore_instance" {
+ type = any
+}
+
+variable "folder_sink" {
+ type = any
+}
+
+variable "runtimeconfig_config" {
+ type = any
+}
+
+variable "runtimeconfig_variable" {
+ type = any
+}
+
+variable "redis" {
+ type = any
+}
+
+variable "network_endpoint_group" {
+ type = any
+}
+
+variable "node_template" {
+ type = any
+}
+
+variable "node_group" {
+ type = any
+}
+
+variable "router_nat" {
+ type = any
+}
+
+variable "service" {
+ type = any
+}
+
+variable "spannerinstance" {
+ type = any
+}
+
+variable "spannerdatabase" {
+ type = any
+}
+
+variable "scheduler_job" {
+ type = any
+}
+
+
+resource "google_compute_ssl_policy" "custom-ssl-policy" {
+ name = var.ssl_policy["name"]
+ min_tls_version = var.ssl_policy["min_tls_version"]
+ profile = var.ssl_policy["profile"]
+ custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]]
+ project = var.gcp_project_id
+}
+
+resource "google_pubsub_topic" "topic" {
+ project = var.gcp_project_id
+ name = var.topic["name"]
+}
+
+resource "google_pubsub_subscription" "default" {
+ project = var.gcp_project_id
+ name = var.subscription["name"]
+ topic = google_pubsub_topic.topic.name
+ ack_deadline_seconds = var.subscription["ack_deadline_seconds"]
+}
+
+resource "google_dns_managed_zone" "prod" {
+ name = var.managed_zone["name"]
+ dns_name = var.managed_zone["dns_name"]
+ description = var.managed_zone["description"]
+
+ labels = {
+ key = var.managed_zone["label_value"]
+ }
+ project = var.gcp_project_id
+}
+
+resource "google_dns_record_set" "a" {
+ name = var.record_set["name"]
+ managed_zone = google_dns_managed_zone.prod.name
+ type = var.record_set["type"]
+ ttl = var.record_set["ttl"]
+
+ rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]]
+ project = var.gcp_project_id
+}
+
+resource "google_compute_instance_group_manager" "gcp-inspec-igm" {
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+ name = var.instance_group_manager["name"]
+ version {
+ instance_template = google_compute_instance_template.default.self_link
+ }
+ base_instance_name = var.instance_group_manager["base_instance_name"]
+ target_pools = []
+ target_size = 0
+ named_port {
+ name = var.instance_group_manager["named_port_name"]
+ port = var.instance_group_manager["named_port_port"]
+ }
+}
+
+resource "google_compute_autoscaler" "gcp-inspec-autoscaler" {
+ project = var.gcp_project_id
+ name = var.autoscaler["name"]
+ zone = var.gcp_zone
+ target = google_compute_instance_group_manager.gcp-inspec-igm.self_link
+
+ autoscaling_policy {
+ max_replicas = var.autoscaler["max_replicas"]
+ min_replicas = var.autoscaler["min_replicas"]
+ cooldown_period = var.autoscaler["cooldown_period"]
+
+ cpu_utilization {
+ target = var.autoscaler["cpu_utilization_target"]
+ }
+ }
+}
+
+resource "google_compute_target_pool" "gcp-inspec-target-pool" {
+ project = var.gcp_project_id
+ name = var.target_pool["name"]
+ session_affinity = var.target_pool["session_affinity"]
+
+ instances = [
+ "${var.gcp_zone}/${var.gcp_ext_vm_name}",
+ ]
+}
+
+resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" {
+ project = var.gcp_project_id
+ trigger_template {
+ branch_name = var.trigger["trigger_template_branch"]
+ project_id = var.trigger["trigger_template_project"]
+ repo_name = var.trigger["trigger_template_repo"]
+ }
+ filename = var.trigger["filename"]
+}
+
+resource "google_compute_health_check" "gcp-inspec-health-check" {
+project = var.gcp_project_id
+name = var.health_check["name"]
+
+timeout_sec = var.health_check["timeout_sec"]
+check_interval_sec = var.health_check["check_interval_sec"]
+
+tcp_health_check {
+ port = var.health_check["tcp_health_check_port"]
+}
+}
+
+resource "google_compute_backend_service" "gcp-inspec-backend-service" {
+ project = var.gcp_project_id
+ name = var.backend_service["name"]
+ description = var.backend_service["description"]
+ port_name = var.backend_service["port_name"]
+ protocol = var.backend_service["protocol"]
+ timeout_sec = var.backend_service["timeout_sec"]
+ enable_cdn = var.backend_service["enable_cdn"]
+
+ backend {
+ group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group
+ }
+
+ health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
+}
+
+resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" {
+project = var.gcp_project_id
+name = var.region_backend_service_health_check["name"]
+
+timeout_sec = var.region_backend_service_health_check["timeout_sec"]
+check_interval_sec = var.region_backend_service_health_check["check_interval_sec"]
+
+tcp_health_check {
+ port = var.region_backend_service_health_check["tcp_health_check_port"]
+}
+}
+
+resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.region_backend_service["name"]
+ description = var.region_backend_service["description"]
+ protocol = var.region_backend_service["protocol"]
+ timeout_sec = var.region_backend_service["timeout_sec"]
+
+ health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link]
+}
+
+resource "google_compute_http_health_check" "gcp-inspec-http-health-check" {
+ project = var.gcp_project_id
+ name = var.http_health_check["name"]
+ request_path = var.http_health_check["request_path"]
+
+ timeout_sec = var.http_health_check["timeout_sec"]
+ check_interval_sec = var.http_health_check["check_interval_sec"]
+}
+
+resource "google_compute_https_health_check" "gcp-inspec-https-health-check" {
+ project = var.gcp_project_id
+ name = var.https_health_check["name"]
+ request_path = var.https_health_check["request_path"]
+
+ timeout_sec = var.https_health_check["timeout_sec"]
+ check_interval_sec = var.https_health_check["check_interval_sec"]
+ unhealthy_threshold = var.https_health_check["unhealthy_threshold"]
+}
+
+resource "google_compute_instance_template" "gcp-inspec-instance-template" {
+ project = var.gcp_project_id
+ name = var.instance_template["name"]
+ description = var.instance_template["description"]
+
+ tags = [var.instance_template["tag"]]
+
+ instance_description = var.instance_template["instance_description"]
+ machine_type = var.instance_template["machine_type"]
+ can_ip_forward = var.instance_template["can_ip_forward"]
+
+ scheduling {
+ automatic_restart = var.instance_template["scheduling_automatic_restart"]
+ on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"]
+ }
+
+ // Create a new boot disk from an image
+ disk {
+ source_image = var.instance_template["disk_source_image"]
+ auto_delete = var.instance_template["disk_auto_delete"]
+ boot = var.instance_template["disk_boot"]
+ }
+
+ network_interface {
+ network = var.instance_template["network_interface_network"]
+ }
+
+ service_account {
+ scopes = [var.instance_template["service_account_scope"]]
+ }
+}
+
+resource "google_compute_global_address" "gcp-inspec-global-address" {
+ project = var.gcp_project_id
+ name = var.global_address["name"]
+ ip_version = var.global_address["ip_version"]
+}
+
+resource "google_compute_url_map" "gcp-inspec-url-map" {
+ project = var.gcp_project_id
+ name = var.url_map["name"]
+ description = var.url_map["description"]
+
+ default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+
+ host_rule {
+ hosts = [var.url_map["host_rule_host"]]
+ path_matcher = var.url_map["path_matcher_name"]
+ }
+
+ path_matcher {
+ name = var.url_map["path_matcher_name"]
+ default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+
+ path_rule {
+ paths = [var.url_map["path_rule_path"]]
+ service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+ }
+ }
+
+ test {
+ service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+ host = var.url_map["test_host"]
+ path = var.url_map["test_path"]
+ }
+}
+
+resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" {
+ project = var.gcp_project_id
+ name = var.http_proxy["name"]
+ url_map = google_compute_url_map.gcp-inspec-url-map.self_link
+ description = var.http_proxy["description"]
+}
+
+resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" {
+ project = var.gcp_project_id
+ name = var.global_forwarding_rule["name"]
+ target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link
+ port_range = var.global_forwarding_rule["port_range"]
+}
+
+resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" {
+ project = var.gcp_project_id
+ name = var.target_tcp_proxy["tcp_backend_service_name"]
+ protocol = "TCP"
+ timeout_sec = 10
+
+ health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
+}
+
+resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" {
+ project = var.gcp_project_id
+ name = var.target_tcp_proxy["name"]
+ proxy_header = var.target_tcp_proxy["proxy_header"]
+ backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link
+}
+
+resource "google_compute_route" "gcp-inspec-route" {
+ project = var.gcp_project_id
+ name = var.route["name"]
+ dest_range = var.route["dest_range"]
+ network = google_compute_network.inspec-gcp-network.name
+ next_hop_ip = var.route["next_hop_ip"]
+ priority = var.route["priority"]
+ # google_compute_route depends on next_hop_ip belonging to a subnetwork
+ # of the named network in this block. Since inspec-gcp-network does not
+ # automatically create subnetworks, we need to create a dependency so
+ # the route is not created before the subnetwork
+ depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork]
+}
+
+resource "google_compute_router" "gcp-inspec-router" {
+ project = var.gcp_project_id
+ name = var.router["name"]
+ network = google_compute_network.inspec-gcp-network.name
+ bgp {
+ asn = var.router["bgp_asn"]
+ advertise_mode = var.router["bgp_advertise_mode"]
+ advertised_groups = [var.router["bgp_advertised_group"]]
+ advertised_ip_ranges {
+ range = var.router["bgp_advertised_ip_range1"]
+ }
+ advertised_ip_ranges {
+ range = var.router["bgp_advertised_ip_range2"]
+ }
+ }
+}
+
+resource "google_compute_disk" "snapshot-disk" {
+ project = var.gcp_project_id
+ name = var.snapshot["disk_name"]
+ type = var.snapshot["disk_type"]
+ zone = var.gcp_zone
+ image = var.snapshot["disk_image"]
+ labels = {
+ environment = "generic_compute_disk_label"
+ }
+}
+
+resource "google_compute_snapshot" "gcp-inspec-snapshot" {
+ project = var.gcp_project_id
+ name = var.snapshot["name"]
+ source_disk = google_compute_disk.snapshot-disk.name
+ zone = var.gcp_zone
+}
+
+resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" {
+ project = var.gcp_project_id
+ name = var.ssl_certificate["name"]
+ private_key = var.ssl_certificate["private_key"]
+ certificate = var.ssl_certificate["certificate"]
+ description = var.ssl_certificate["description"]
+}
+
+resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" {
+ project = var.gcp_project_id
+ name = var.https_proxy["name"]
+ url_map = google_compute_url_map.gcp-inspec-url-map.self_link
+ description = var.https_proxy["description"]
+ ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link]
+}
+
+resource "google_bigquery_dataset" "gcp-inspec-dataset" {
+ project = var.gcp_project_id
+ dataset_id = var.dataset["dataset_id"]
+ friendly_name = var.dataset["friendly_name"]
+ description = var.dataset["description"]
+ location = var.dataset["location"]
+ default_table_expiration_ms = var.dataset["default_table_expiration_ms"]
+
+ access {
+ role = var.dataset["access_writer_role"]
+ special_group = var.dataset["access_writer_special_group"]
+ }
+
+ access {
+ role = "OWNER"
+ special_group = "projectOwners"
+ }
+}
+
+resource "google_bigquery_table" "gcp-inspec-bigquery-table" {
+ project = var.gcp_project_id
+ dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id
+ table_id = var.bigquery_table["table_id"]
+
+ time_partitioning {
+ type = var.bigquery_table["time_partitioning_type"]
+ }
+
+ description = var.bigquery_table["description"]
+ expiration_time = var.bigquery_table["expiration_time"]
+}
+
+resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" {
+ project = var.gcp_project_id
+ name = var.repository["name"]
+}
+
+resource "google_folder" "inspec-gcp-folder" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ display_name = var.folder["display_name"]
+ parent = "organizations/${var.gcp_organization_id}"
+}
+
+resource "google_storage_bucket_object" "archive" {
+ name = "index.js.zip"
+ bucket = google_storage_bucket.generic-storage-bucket.name
+ source = "../configuration/index.js.zip"
+}
+
+resource "google_cloudfunctions_function" "function" {
+ project = var.gcp_project_id
+ region = var.gcp_cloud_function_region
+ name = var.cloudfunction["name"]
+ description = var.cloudfunction["description"]
+ available_memory_mb = var.cloudfunction["available_memory_mb"]
+ source_archive_bucket = google_storage_bucket.generic-storage-bucket.name
+ source_archive_object = google_storage_bucket_object.archive.name
+ trigger_http = var.cloudfunction["trigger_http"]
+ timeout = var.cloudfunction["timeout"]
+ entry_point = var.cloudfunction["entry_point"]
+ runtime = "nodejs8"
+
+ environment_variables = {
+ MY_ENV_VAR = var.cloudfunction["env_var_value"]
+ }
+}
+
+resource "google_compute_backend_bucket" "image_backend" {
+ project = var.gcp_project_id
+ name = var.backend_bucket["name"]
+ description = var.backend_bucket["description"]
+ bucket_name = google_storage_bucket.generic-storage-bucket.name
+ enable_cdn = var.backend_bucket["enable_cdn"]
+}
+
+resource "google_container_node_pool" "inspec-gcp-node-pool" {
+ project = var.gcp_project_id
+ name = var.regional_node_pool["name"]
+ location = google_container_cluster.primary.location
+ cluster = google_container_cluster.primary.name
+ node_count = var.regional_node_pool["node_count"]
+}
+
+resource "google_logging_organization_sink" "my-sink" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ name = var.org_sink.name
+ org_id = var.gcp_organization_id
+
+ # Can export to pubsub, cloud storage, or bigquery
+ destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
+
+ # Log all WARN or higher severity messages relating to instances
+ filter = var.org_sink.filter
+}
+
+variable "project_sink" {
+ type = any
+}
+
+resource "google_logging_project_sink" "project-logging-sink" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ project = var.gcp_project_id
+
+ name = var.project_sink.name
+ destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}"
+
+ filter = var.project_sink.filter
+
+ unique_writer_identity = true
+}
+
+resource "google_storage_bucket" "bucket" {
+ name = "inspec-gcp-static-${var.gcp_project_id}"
+ project = var.gcp_project_id
+ location = var.gcp_location
+ force_destroy = true
+
+ labels = {
+ "key" = "value"
+ }
+
+ retention_policy {
+ retention_period = 1000
+ }
+}
+
+resource "google_storage_bucket_object" "object" {
+ name = "hello-world.zip"
+ bucket = google_storage_bucket.bucket.name
+ source = "../configuration/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "default" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ project = var.gcp_project_id
+ version_id = var.standardappversion["version_id"]
+ service = var.standardappversion["service"]
+ runtime = var.standardappversion["runtime"]
+ noop_on_destroy = true
+ entrypoint {
+ shell = var.standardappversion["entrypoint"]
+ }
+
+ deployment {
+ zip {
+ source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip"
+ }
+ }
+
+ env_variables = {
+ port = var.standardappversion["port"]
+ }
+}
+
+resource "google_ml_engine_model" "inspec-gcp-model" {
+ project = var.gcp_project_id
+ name = var.ml_model["name"]
+ description = var.ml_model["description"]
+ regions = [var.ml_model["region"]]
+ online_prediction_logging = var.ml_model["online_prediction_logging"]
+ online_prediction_console_logging = var.ml_model["online_prediction_console_logging"]
+}
+
+resource "google_compute_firewall" "dataproc" {
+ project = var.gcp_project_id
+ name = "dataproc-firewall"
+ network = google_compute_network.dataproc.name
+
+ source_ranges = ["10.128.0.0/9"]
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ ports = ["0-65535"]
+ }
+ allow {
+ protocol = "udp"
+ ports = ["0-65535"]
+ }
+}
+
+resource "google_compute_network" "dataproc" {
+ project = var.gcp_project_id
+ name = "dataproc-network"
+}
+
+resource "google_dataproc_cluster" "mycluster" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.dataproc_cluster["name"]
+
+ labels = {
+ "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"]
+ }
+
+ cluster_config {
+ master_config {
+ num_instances = var.dataproc_cluster["config"]["master_config"]["num_instances"]
+ machine_type = var.dataproc_cluster["config"]["master_config"]["machine_type"]
+ disk_config {
+ boot_disk_type = var.dataproc_cluster["config"]["master_config"]["boot_disk_type"]
+ boot_disk_size_gb = var.dataproc_cluster["config"]["master_config"]["boot_disk_size_gb"]
+ }
+ }
+
+ worker_config
{ + num_instances = var.dataproc_cluster["config"]["worker_config"]["num_instances"] + machine_type = var.dataproc_cluster["config"]["worker_config"]["machine_type"] + disk_config { + boot_disk_size_gb = var.dataproc_cluster["config"]["worker_config"]["boot_disk_size_gb"] + num_local_ssds = var.dataproc_cluster["config"]["worker_config"]["num_local_ssds"] + } + } + + # Override or set some custom properties + software_config { + override_properties = { + "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"] + } + } + + gce_cluster_config { + network = google_compute_network.dataproc.self_link + tags = [var.dataproc_cluster["config"]["gce_cluster_config"]["tag"]] + } + } +} + +resource "google_logging_folder_exclusion" "my-exclusion" { + count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" + name = var.folder_exclusion["name"] + folder = google_folder.inspec-gcp-folder.0.name + + description = var.folder_exclusion["description"] + + filter = var.folder_exclusion["filter"] +} + +variable "project_exclusion" { + type = any +} + +resource "google_logging_project_exclusion" "project-exclusion" { + count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" + name = var.project_exclusion["name"] + project = var.gcp_project_id + + description = var.project_exclusion["description"] + + filter = var.project_exclusion["filter"] +} + +resource "google_filestore_instance" "instance" { + project = var.gcp_project_id + name = var.filestore_instance["name"] + zone = var.filestore_instance["zone"] + tier = var.filestore_instance["tier"] + + file_shares { + capacity_gb = var.filestore_instance["fileshare_capacity_gb"] + name = var.filestore_instance["fileshare_name"] + } + + networks { + network = var.filestore_instance["network_name"] + modes = [var.filestore_instance["network_mode"]] + } +} + +resource "google_logging_folder_sink" "folder-sink" { + count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" + name = var.folder_sink.name + folder = google_folder.inspec-gcp-folder.0.name + + destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" + + filter = var.folder_sink.filter +} + +resource "google_runtimeconfig_config" "inspec-runtime-config" { + project = var.gcp_project_id + name = var.runtimeconfig_config["name"] + description = var.runtimeconfig_config["description"] +} + +resource "google_runtimeconfig_variable" "inspec-runtime-variable" { + project = var.gcp_project_id + parent = google_runtimeconfig_config.inspec-runtime-config.name + name = var.runtimeconfig_variable["name"] + text = var.runtimeconfig_variable["text"] +} + +resource "google_redis_instance" "inspec-redis" { + project = var.gcp_project_id + name = var.redis["name"] + tier = var.redis["tier"] + memory_size_gb = var.redis["memory_size_gb"] + + location_id = var.redis["location_id"] + alternative_location_id = var.redis["alternative_location_id"] + + redis_version = var.redis["redis_version"] + display_name = var.redis["display_name"] + reserved_ip_range = var.redis["reserved_ip_range"] + + labels = { + "${var.redis["label_key"]}" = 
var.redis["label_value"] + } +} + +resource "google_compute_network_endpoint_group" "inspec-endpoint-group" { + project = var.gcp_project_id + name = var.network_endpoint_group["name"] + network = google_compute_subnetwork.inspec-gcp-subnetwork.network + subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link + default_port = var.network_endpoint_group["default_port"] + zone = var.gcp_zone +} + +data "google_compute_node_types" "zone-node-type" { + project = var.gcp_project_id + zone = var.gcp_zone +} + +resource "google_compute_node_template" "inspec-template" { + project = var.gcp_project_id + region = var.gcp_location + + name = var.node_template["name"] + node_type = data.google_compute_node_types.zone-node-type.names[0] + + node_affinity_labels = { + "${var.node_template["label_key"]}" = var.node_template["label_value"] + } +} + +resource "google_compute_node_group" "inspec-node-group" { + project = var.gcp_project_id + name = var.node_group["name"] + zone = var.gcp_zone + description = var.node_group["description"] + + size = var.node_group["size"] + node_template = google_compute_node_template.inspec-template.self_link +} + +resource "google_compute_router_nat" "inspec-nat" { + project = var.gcp_project_id + name = var.router_nat["name"] + router = google_compute_router.gcp-inspec-router.name + region = google_compute_router.gcp-inspec-router.region + nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"] + source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"] + min_ports_per_vm = var.router_nat["min_ports_per_vm"] + + log_config { + enable = var.router_nat["log_config_enable"] + filter = var.router_nat["log_config_filter"] + } +} + +resource "google_project_service" "project" { + project = var.gcp_project_id + service = var.service["name"] +} + +resource "google_service_account" "spanner_service_account" { + project = var.gcp_project_id + account_id = "${var.gcp_service_account_display_name}-sp" 
+ display_name = "${var.gcp_service_account_display_name}-sp" +} + +resource "google_service_account_key" "userkey" { + service_account_id = google_service_account.spanner_service_account.name + public_key_type = "TYPE_X509_PEM_FILE" +} + +resource "google_spanner_instance" "spanner_instance" { + project = var.gcp_project_id + config = var.spannerinstance["config"] + name = var.spannerinstance["name"] + display_name = var.spannerinstance["display_name"] + num_nodes = var.spannerinstance["num_nodes"] + labels = { + "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"] + } +} + +resource "google_spanner_instance_iam_binding" "instance" { + project = var.gcp_project_id + instance = google_spanner_instance.spanner_instance.name + role = "roles/editor" + + members = [ + "serviceAccount:${google_service_account.spanner_service_account.email}", + ] +} + +resource "google_spanner_database" "database" { + project = var.gcp_project_id + instance = google_spanner_instance.spanner_instance.name + name = var.spannerdatabase["name"] + ddl = [var.spannerdatabase["ddl"]] +} + +resource "google_cloud_scheduler_job" "job" { + project = var.gcp_project_id + region = var.scheduler_job["region"] + name = var.scheduler_job["name"] + description = var.scheduler_job["description"] + schedule = var.scheduler_job["schedule"] + time_zone = var.scheduler_job["time_zone"] + + http_target { + http_method = var.scheduler_job["http_method"] + uri = var.scheduler_job["http_target_uri"] + } +} + +variable "service_perimeter" { + type = any +} + +resource "google_access_context_manager_service_perimeter" "service-perimeter" { + count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/servicePerimeters/${var.service_perimeter["name"]}" + title = var.service_perimeter["title"] + status { + restricted_services = [var.service_perimeter["restricted_service"]] + } +} + +resource "google_access_context_manager_access_policy" "access-policy" { + count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" + parent = "organizations/${var.gcp_organization_id}" + title = var.service_perimeter["policy_title"] +} + +resource "google_access_context_manager_access_level" "access-level" { + count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock" + title = "os_lock" + basic { + conditions { + device_policy { + require_screen_lock = true + } + regions = [ + "CH", + "IT", + "US", + ] + } + } +} + +variable "firewall" { + type = any +} + +resource "google_compute_firewall" "mm-firewall" { + project = var.gcp_project_id + name = var.firewall["name"] + enable_logging = true + network = google_compute_network.inspec-gcp-network.name + + allow { + protocol = "tcp" + ports = ["80", "8080", "1000-2000"] + } + + source_tags = [var.firewall["source_tag"]] +} + +variable "address" { + type = any +} + +resource "google_compute_address" "internal_with_subnet_and_address" { + project = var.gcp_project_id + name = var.address["name"] + subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link + address_type = var.address["address_type"] + address = var.address["address"] + region = var.gcp_location +} + +variable "instance_group" { + type = any +} + +resource 
"google_compute_instance_group" "inspec-instance-group" { + project = var.gcp_project_id + zone = var.gcp_zone + name = var.instance_group["name"] + description = var.instance_group["description"] + + named_port { + name = var.instance_group["named_port_name"] + port = var.instance_group["named_port_port"] + } +} + +variable "instance" { + type = any +} + +resource "google_compute_instance" "inspec-instance" { + project = var.gcp_project_id + zone = var.gcp_zone + name = var.instance["name"] + machine_type = var.instance["machine_type"] + + tags = [var.instance["tag_1"], var.instance["tag_2"]] + + boot_disk { + initialize_params { + image = "debian-cloud/debian-9" + } + } + + network_interface { + network = "default" + + access_config { + // Ephemeral IP + } + } + + metadata = { + "${var.instance["metadata_key"]}" = var.instance["metadata_value"] + } + + metadata_startup_script = var.instance["startup_script"] + + service_account { + scopes = [var.instance["sa_scope"]] + } +} + +variable "network" { + type = any +} + +resource "google_compute_network" "inspec-network" { + project = var.gcp_project_id + name = var.network["name"] + routing_mode = var.network["routing_mode"] +} + +variable "subnetwork" { + type = any +} + +resource "google_compute_subnetwork" "subnet-with-logging" { + project = var.gcp_project_id + region = var.gcp_location + name = var.subnetwork["name"] + ip_cidr_range = var.subnetwork["ip_cidr_range"] + network = google_compute_network.inspec-network.self_link + + log_config { + aggregation_interval = var.subnetwork["log_interval"] + flow_sampling = var.subnetwork["log_sampling"] + metadata = var.subnetwork["log_metadata"] + } +} + +variable "rigm" { + type = any +} + variable "sql_connect" { type = any } -# -#resource "google_compute_region_instance_group_manager" "inspec-rigm" { -# project = var.gcp_project_id -# region = var.gcp_location -# name = var.rigm["name"] -# -# base_instance_name = var.rigm["base_instance_name"] -# -# version { -# 
instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link -# } -# -# target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link] -# target_size = var.rigm["target_size"] -# -# named_port { -# name = var.rigm["named_port_name"] -# port = var.rigm["named_port_port"] -# } -# -# auto_healing_policies { -# health_check = google_compute_health_check.gcp-inspec-health-check.self_link -# initial_delay_sec = var.rigm["healing_delay"] -# } -#} -# -#variable "vpn_tunnel" { -# type = any -#} -# -#resource "google_compute_vpn_tunnel" "tunnel1" { -# project = var.gcp_project_id -# name = var.vpn_tunnel["name"] -# peer_ip = var.vpn_tunnel["peer_ip"] -# shared_secret = var.vpn_tunnel["shared_secret"] -# -# remote_traffic_selector = ["0.0.0.0/0"] -# local_traffic_selector = ["0.0.0.0/0"] -# target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link -# -# depends_on = [ -# google_compute_forwarding_rule.inspec-gcp-fr-esp, -# google_compute_forwarding_rule.inspec-gcp-fr-udp500, -# google_compute_forwarding_rule.inspec-gcp-fr-udp4500, -# ] -#} -# -#variable "alert_policy" { -# type = any -#} -# -#resource "google_monitoring_alert_policy" "alert_policy" { -# project = var.gcp_project_id -# display_name = var.alert_policy["display_name"] -# combiner = var.alert_policy["combiner"] -# conditions { -# display_name = var.alert_policy["condition_display_name"] -# condition_threshold { -# filter = var.alert_policy["condition_filter"] -# duration = var.alert_policy["condition_duration"] -# comparison = var.alert_policy["condition_comparison"] -# aggregations { -# alignment_period = "60s" -# per_series_aligner = "ALIGN_RATE" -# } -# } -# } -#} -# -#variable "dns_managed_zone" { -# type = any -#} -# -#variable "gcp_dns_zone_name" {} -# -#resource "google_dns_managed_zone" "example-zone" { -# project = var.gcp_project_id -# name = var.dns_managed_zone["name"] -# dns_name = "${var.gcp_dns_zone_name}" -# description = 
var.dns_managed_zone["description"] -# dnssec_config { -# state = var.dns_managed_zone["dnssec_config_state"] -# default_key_specs { -# algorithm = "rsasha256" -# key_type = "zoneSigning" -# key_length = 2048 -# } -# default_key_specs { -# algorithm = "rsasha512" -# key_type = "keySigning" -# key_length = 2048 -# } -# } -#} -# -#variable "logging_metric" { -# type = any -#} -# -#resource "google_logging_metric" "logging_metric" { -# project = var.gcp_project_id -# name = var.logging_metric["name"] -# filter = var.logging_metric["filter"] -# metric_descriptor { -# metric_kind = var.logging_metric["metric_kind"] -# value_type = var.logging_metric["value_type"] -# } -#} -# -#variable "compute_image" { -# type = any -#} -# -#resource "google_compute_image" "example" { -# project = var.gcp_project_id -# name = var.compute_image["name"] -# -# raw_disk { -# source = var.compute_image["source"] -# } -#} -# -#variable "gcp_organization_iam_custom_role_id" {} -# -#resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" { -# count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" -# org_id = var.gcp_organization_id -# role_id = var.gcp_organization_iam_custom_role_id -# title = "GCP Inspec Generic Organization IAM Custom Role" -# description = "Custom role allowing to list IAM roles only" -# permissions = ["iam.roles.list"] -#} -# -#variable "security_policy" { -# type = any -#} -# -#resource "google_compute_security_policy" "policy" { -# project = var.gcp_project_id -# name = var.security_policy["name"] -# -# rule { -# action = var.security_policy["action"] -# priority = var.security_policy["priority"] -# match { -# versioned_expr = "SRC_IPS_V1" -# config { -# src_ip_ranges = [var.security_policy["ip_range"]] -# } -# } -# description = var.security_policy["description"] -# } -# -# rule { -# action = "allow" -# priority = "2147483647" -# match { -# versioned_expr = "SRC_IPS_V1" -# config { -# src_ip_ranges = ["*"] -# } -# } -# description = "default rule" -# } -#} -# -#variable "memcache_instance" { -# type = any -#} -# -#resource "google_compute_network" "memcache_network" { -# provider = google-beta -# project = var.gcp_project_id -# name = "inspec-gcp-memcache" -#} -# -#resource "google_compute_global_address" "service_range" { -# provider = google-beta -# project = var.gcp_project_id -# name = "inspec-gcp-memcache" -# purpose = "VPC_PEERING" -# address_type = "INTERNAL" -# prefix_length = 16 -# network = google_compute_network.memcache_network.id -#} -# -#resource "google_service_networking_connection" "private_service_connection" { -# provider = google-beta -# network = google_compute_network.memcache_network.id -# service = "servicenetworking.googleapis.com" -# reserved_peering_ranges = [google_compute_global_address.service_range.name] -#} -# -#resource "google_memcache_instance" "instance" { -# provider = google-beta -# name = var.memcache_instance["name"] -# project = var.gcp_project_id -# region = var.gcp_location -# authorized_network = 
google_service_networking_connection.private_service_connection.network -# -# node_config { -# cpu_count = 1 -# memory_size_mb = 1024 -# } -# node_count = 1 -#} -# -#resource "google_compute_interconnect_attachment" "on_prem" { -# name = "on-prem-attachment" -# edge_availability_domain = "AVAILABILITY_DOMAIN_1" -# type = "PARTNER" -# router = google_compute_router.gcp-inspec-router.id -# mtu = 1500 -#} -# + +resource "google_compute_region_instance_group_manager" "inspec-rigm" { + project = var.gcp_project_id + region = var.gcp_location + name = var.rigm["name"] + + base_instance_name = var.rigm["base_instance_name"] + + version { + instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link + } + + target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link] + target_size = var.rigm["target_size"] + + named_port { + name = var.rigm["named_port_name"] + port = var.rigm["named_port_port"] + } + + auto_healing_policies { + health_check = google_compute_health_check.gcp-inspec-health-check.self_link + initial_delay_sec = var.rigm["healing_delay"] + } +} + +variable "vpn_tunnel" { + type = any +} + +resource "google_compute_vpn_tunnel" "tunnel1" { + project = var.gcp_project_id + name = var.vpn_tunnel["name"] + peer_ip = var.vpn_tunnel["peer_ip"] + shared_secret = var.vpn_tunnel["shared_secret"] + + remote_traffic_selector = ["0.0.0.0/0"] + local_traffic_selector = ["0.0.0.0/0"] + target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link + + depends_on = [ + google_compute_forwarding_rule.inspec-gcp-fr-esp, + google_compute_forwarding_rule.inspec-gcp-fr-udp500, + google_compute_forwarding_rule.inspec-gcp-fr-udp4500, + ] +} + +variable "alert_policy" { + type = any +} + +resource "google_monitoring_alert_policy" "alert_policy" { + project = var.gcp_project_id + display_name = var.alert_policy["display_name"] + combiner = var.alert_policy["combiner"] + conditions { + display_name = 
var.alert_policy["condition_display_name"] + condition_threshold { + filter = var.alert_policy["condition_filter"] + duration = var.alert_policy["condition_duration"] + comparison = var.alert_policy["condition_comparison"] + aggregations { + alignment_period = "60s" + per_series_aligner = "ALIGN_RATE" + } + } + } +} + +variable "dns_managed_zone" { + type = any +} + +variable "gcp_dns_zone_name" {} + +resource "google_dns_managed_zone" "example-zone" { + project = var.gcp_project_id + name = var.dns_managed_zone["name"] + dns_name = "${var.gcp_dns_zone_name}" + description = var.dns_managed_zone["description"] + dnssec_config { + state = var.dns_managed_zone["dnssec_config_state"] + default_key_specs { + algorithm = "rsasha256" + key_type = "zoneSigning" + key_length = 2048 + } + default_key_specs { + algorithm = "rsasha512" + key_type = "keySigning" + key_length = 2048 + } + } +} + +variable "logging_metric" { + type = any +} + +resource "google_logging_metric" "logging_metric" { + project = var.gcp_project_id + name = var.logging_metric["name"] + filter = var.logging_metric["filter"] + metric_descriptor { + metric_kind = var.logging_metric["metric_kind"] + value_type = var.logging_metric["value_type"] + } +} + +variable "compute_image" { + type = any +} + +resource "google_compute_image" "example" { + project = var.gcp_project_id + name = var.compute_image["name"] + + raw_disk { + source = var.compute_image["source"] + } +} + +variable "gcp_organization_iam_custom_role_id" {} + +resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" { + count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" + org_id = var.gcp_organization_id + role_id = var.gcp_organization_iam_custom_role_id + title = "GCP Inspec Generic Organization IAM Custom Role" + description = "Custom role allowing to list IAM roles only" + permissions = ["iam.roles.list"] +} + +variable "security_policy" { + type = any +} + +resource "google_compute_security_policy" "policy" { + project = var.gcp_project_id + name = var.security_policy["name"] + + rule { + action = var.security_policy["action"] + priority = var.security_policy["priority"] + match { + versioned_expr = "SRC_IPS_V1" + config { + src_ip_ranges = [var.security_policy["ip_range"]] + } + } + description = var.security_policy["description"] + } + + rule { + action = "allow" + priority = "2147483647" + match { + versioned_expr = "SRC_IPS_V1" + config { + src_ip_ranges = ["*"] + } + } + description = "default rule" + } +} + +variable "memcache_instance" { + type = any +} + +resource "google_compute_network" "memcache_network" { + provider = google-beta + project = var.gcp_project_id + name = "inspec-gcp-memcache" +} + +resource "google_compute_global_address" "service_range" { + provider = google-beta + project = var.gcp_project_id + name = "inspec-gcp-memcache" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 16 + network = google_compute_network.memcache_network.id +} + +resource "google_service_networking_connection" "private_service_connection" { + provider = google-beta + network = google_compute_network.memcache_network.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.service_range.name] +} + +resource "google_memcache_instance" "instance" { + provider = google-beta + name = var.memcache_instance["name"] + project = var.gcp_project_id + region = var.gcp_location + authorized_network = google_service_networking_connection.private_service_connection.network + + node_config { + cpu_count = 1 + memory_size_mb = 
1024 + } + node_count = 1 +} + +resource "google_compute_interconnect_attachment" "on_prem" { + name = "on-prem-attachment" + edge_availability_domain = "AVAILABILITY_DOMAIN_1" + type = "PARTNER" + router = google_compute_router.gcp-inspec-router.id + mtu = 1500 +} + resource "google_sql_ssl_cert" "client_cert" { common_name = var.sql_connect["common_name"] instance = var.gcp_db_instance_name From 1fea003ef0d43fbc85e6acf783a81ce31aafe66c Mon Sep 17 00:00:00 2001 From: Samir Anand Date: Wed, 6 Dec 2023 12:03:05 +0530 Subject: [PATCH 07/16] labels updated Signed-off-by: Samir Anand --- .../composer/property/projectlocationenvironment_labels.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libraries/google/composer/property/projectlocationenvironment_labels.rb b/libraries/google/composer/property/projectlocationenvironment_labels.rb index 5da4c3f7c..ea7eae333 100644 --- a/libraries/google/composer/property/projectlocationenvironment_labels.rb +++ b/libraries/google/composer/property/projectlocationenvironment_labels.rb @@ -21,8 +21,9 @@ class ProjectLocationEnvironmentLabels def initialize(args = nil, parent_identifier = nil) return if args.nil? + @parent_identifier = parent_identifier - @additional_properties = args['additionalProperties'] + @additional_properties = args end def to_s @@ -31,4 +32,4 @@ def to_s end end end -end +end \ No newline at end of file From afdbb350db8fa066e5b3871719f18774c927fae7 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Wed, 6 Dec 2023 14:57:49 +0530 Subject: [PATCH 08/16] chore: fix lint offense; missing newline Signed-off-by: Sonu Saha --- .../composer/property/projectlocationenvironment_labels.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/google/composer/property/projectlocationenvironment_labels.rb b/libraries/google/composer/property/projectlocationenvironment_labels.rb index ea7eae333..6ff6720b7 100644 
--- a/libraries/google/composer/property/projectlocationenvironment_labels.rb +++ b/libraries/google/composer/property/projectlocationenvironment_labels.rb @@ -32,4 +32,4 @@ def to_s end end end -end \ No newline at end of file +end From 5fc9a2d250da14ae040da0828fbca4c4be3d61b6 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Wed, 6 Dec 2023 16:09:20 +0530 Subject: [PATCH 09/16] specs: update test with realistic examples Signed-off-by: Sonu Saha --- ...e_composer_project_location_environment.rb | 90 ++++++++++++++--- ..._composer_project_location_environments.rb | 97 ++++++++++++++++--- 2 files changed, 161 insertions(+), 26 deletions(-) diff --git a/test/integration/verify/controls/google_composer_project_location_environment.rb b/test/integration/verify/controls/google_composer_project_location_environment.rb index 4de9f9d26..d42da7437 100644 --- a/test/integration/verify/controls/google_composer_project_location_environment.rb +++ b/test/integration/verify/controls/google_composer_project_location_environment.rb 
@@ -16,14 +16,77 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') - project_location_environment = input('project_location_environment', value: { - "name": "value_name", - "parent": "value_parent", - "uuid": "value_uuid", - "state": "value_state", - "create_time": "value_createtime", - "update_time": "value_updatetime" -}, description: 'project_location_environment description') +# here ppradhan is a sample project id in the parent and name field + +project_location_environment = input('project_location_environment', value: { + "parent": "projects/ppradhan/locations/asia-east2", + "name": "projects/ppradhan/locations/asia-east2/environments/inspec-test-composer-2", + "config": { + "gkeCluster": "projects/ppradhan/zones/asia-east2-a/clusters/asia-east2-inspec-test-comp-88997323-gke", + "dagGcsPrefix": "gs://asia-east2-inspec-test-comp-88997323-bucket/dags", + "nodeCount": 3, + "softwareConfig": { + "imageVersion": "composer-1.20.12-airflow-2.4.3", + "pythonVersion": "3", + "schedulerCount": 1 + }, + "nodeConfig": { + "location": "projects/ppradhan/zones/asia-east2-a", + "machineType": "projects/ppradhan/zones/asia-east2-a/machineTypes/n1-standard-1", + "network": "projects/ppradhan/global/networks/default", + "diskSizeGb": 100, + "oauthScopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "serviceAccount": "165434197229-compute@developer.gserviceaccount.com", + "ipAllocationPolicy": {} + }, + "airflowUri": "https://ue20b0f31e51f44b8p-tp.appspot.com", + "privateEnvironmentConfig": { + "privateClusterConfig": {}, + "webServerIpv4CidrBlock": "172.31.255.0/24", + "cloudSqlIpv4CidrBlock": "10.0.0.0/12" + }, + "webServerNetworkAccessControl": { + "allowedIpRanges": [ + { + "value": "0.0.0.0/0", + "description": "Allows access from all IPv4 addresses (default value)" + }, + { + "value": "::0/0", + "description": "Allows access from all IPv6 addresses (default value)" + } + ] + }, + 
"databaseConfig": { + "machineType": "db-n1-standard-2" + }, + "webServerConfig": { + "machineType": "composer-n1-webserver-2" + }, + "encryptionConfig": {}, + "maintenanceWindow": { + "startTime": "2023-12-04T18:30:00Z", + "endTime": "2023-12-04T22:30:00Z", + "recurrence": "FREQ=WEEKLY;BYDAY=TH,FR,SA" + }, + "workloadsConfig": {} + }, + "labels": { + "user": "inspec", + "org": "chef", + }, + "uuid": "e117678d-9dbf-4fe2-8bb0-888efb9bc97e", + "state": "RUNNING", + "createTime": "2023-12-05T07:45:52.257367Z", + "updateTime": "2023-12-05T10:06:10.077790Z", + "storageConfig": { + "bucket": "asia-east2-inspec-test-comp-88997323-bucket" + }, + }, + description: 'project_location_environment description') + control 'google_composer_project_location_environment-1.0' do impact 1.0 title 'google_composer_project_location_environment resource test' @@ -33,12 +96,15 @@ its('name') { should cmp project_location_environment['name'] } its('uuid') { should cmp project_location_environment['uuid'] } its('state') { should cmp project_location_environment['state'] } - its('create_time') { should cmp project_location_environment['create_time'] } - its('update_time') { should cmp project_location_environment['update_time'] } - + its('create_time') { should cmp project_location_environment['createTime'] } + its('update_time') { should cmp project_location_environment['updateTime'] } + its('config.gke_cluster') { should cmp project_location_environment['config'][:gkeCluster] } + its('labels.additional_properties') { should cmp project_location_environment['labels'].transform_keys(&:to_s) } + its('satisfies_pzs') { should cmp project_location_environment['satisfies_pzs'] } + its('storage_config.bucket') { should cmp project_location_environment['storageConfig'][:bucket] } end - describe google_composer_project_location_environment(name: "does_not_exit") do + describe google_composer_project_location_environment(name: "does_not_exist") do it { should_not exist } end end 
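Review bot: The default value added for `project_location_environment` hardcodes what look like the identifiers of one live environment (project id `ppradhan`, a project-number-prefixed default compute service account e-mail, an Airflow web UI URL and bucket names), so the control can only pass against that deployment and those details now live in the repository. Build the project-scoped strings from the existing input instead, e.g. `"parent": "projects/#{gcp_project_id}/locations/asia-east2",`, and cut the fixture down to the keys the control actually asserts. The fixture also records `allowedIpRanges` of `0.0.0.0/0` and `::0/0` and a `cloud-platform` scope on the default compute service account, and nothing in the control checks them. If they stay as sample data, a comment such as `# sample values only; not a recommended Composer configuration` would stop readers copying them as a baseline.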
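Review bot: The added `its('satisfies_pzs') { should cmp project_location_environment['satisfies_pzs'] }` reads a key that the fixture defined earlier in this file never sets, so the expected value is presumably nil and the check only shows that the property is absent. The same applies to `its('satisfies_pzs') { should include(project_location_environment['satisfies_pzs']) }` in the hunk for google_composer_project_location_environments.rb. Either add the key to the fixture with the value the API returns, or drop both assertions. The new lines also mix string keys at the top level with symbol keys one level down (`['config'][:gkeCluster]`, `['storageConfig'][:bucket]`), which only works if the input wrapper converts keys at one level and not the other; a short comment stating that assumption would help. The describe block these lines belong to opens above the hunk.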
diff --git a/test/integration/verify/controls/google_composer_project_location_environments.rb b/test/integration/verify/controls/google_composer_project_location_environments.rb index 4d1202fa6..af0793125 100644 --- a/test/integration/verify/controls/google_composer_project_location_environments.rb +++ b/test/integration/verify/controls/google_composer_project_location_environments.rb 
@@ -16,19 +16,88 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') - project_location_environment = input('project_location_environment', value: { - "name": "value_name", - "parent": "value_parent", - "uuid": "value_uuid", - "state": "value_state", - "create_time": "value_createtime", - "update_time": "value_updatetime" -}, description: 'project_location_environment description') -control 'google_composer_project_location_environments-1.0' do - impact 1.0 - title 'google_composer_project_location_environments resource test' +# here ppradhan is a sample project id in the parent and name field +project_location_environment = input('project_location_environment', value: { + "parent": "projects/ppradhan/locations/asia-east2", + "name": "projects/ppradhan/locations/asia-east2/environments/inspec-test-composer-2", + "config": { + "gkeCluster": "projects/ppradhan/zones/asia-east2-a/clusters/asia-east2-inspec-test-comp-88997323-gke", + "dagGcsPrefix": "gs://asia-east2-inspec-test-comp-88997323-bucket/dags", + "nodeCount": 3, + "softwareConfig": { + "imageVersion": "composer-1.20.12-airflow-2.4.3", + "pythonVersion": "3", + "schedulerCount": 1 + }, + "nodeConfig": { + "location": "projects/ppradhan/zones/asia-east2-a", + "machineType": "projects/ppradhan/zones/asia-east2-a/machineTypes/n1-standard-1", + "network": "projects/ppradhan/global/networks/default", + "diskSizeGb": 100, + "oauthScopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "serviceAccount": "165434197229-compute@developer.gserviceaccount.com", + "ipAllocationPolicy": {} + }, + "airflowUri": "https://ue20b0f31e51f44b8p-tp.appspot.com", + "privateEnvironmentConfig": { + "privateClusterConfig": {}, + "webServerIpv4CidrBlock": "172.31.255.0/24", + "cloudSqlIpv4CidrBlock": "10.0.0.0/12" + }, + "webServerNetworkAccessControl": { + "allowedIpRanges": [ + { + "value": "0.0.0.0/0", + "description": "Allows access from all IPv4 addresses 
(default value)" + }, + { + "value": "::0/0", + "description": "Allows access from all IPv6 addresses (default value)" + } + ] + }, + "databaseConfig": { + "machineType": "db-n1-standard-2" + }, + "webServerConfig": { + "machineType": "composer-n1-webserver-2" + }, + "encryptionConfig": {}, + "maintenanceWindow": { + "startTime": "2023-12-04T18:30:00Z", + "endTime": "2023-12-04T22:30:00Z", + "recurrence": "FREQ=WEEKLY;BYDAY=TH,FR,SA" + }, + "workloadsConfig": {} + }, + "labels": { + "user": "inspec", + "org": "chef", + }, + "uuid": "e117678d-9dbf-4fe2-8bb0-888efb9bc97e", + "state": "RUNNING", + "createTime": "2023-12-05T07:45:52.257367Z", + "updateTime": "2023-12-05T10:06:10.077790Z", + "storageConfig": { + "bucket": "asia-east2-inspec-test-comp-88997323-bucket" + }, + }, + description: 'project_location_environment description') - describe google_composer_project_location_environments(parent: project_location_environment['parent']) do - it { should exist } - end +control 'google_composer_project_location_environments-2.0' do + describe google_composer_project_location_environments(parent: project_location_environment['parent']) do + it { should exist } + its('names') { should include(project_location_environment['name']) } + its('uuids') { should include(project_location_environment['uuid']) } + its('states') { should include(project_location_environment['state']) } + its('create_times') { should include(project_location_environment['createTime']) } + its('update_times') { should include(project_location_environment['updateTime']) } + its('satisfies_pzs') { should include(project_location_environment['satisfies_pzs']) } + end + + describe google_composer_project_location_environments(parent: "projects/ppradhan/locations/us-east2") do + it { should_not exist } + end end From 67526eb5dfb2550c59ed00879b087fc625b98d4b Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Wed, 6 Dec 2023 16:17:45 +0530 Subject: [PATCH 10/16] docs: update docs with more test for properties 
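Review bot: The default value of the `project_location_environment` input hard-codes identifiers of one specific environment instead of using the `gcp_project_id` input declared just above it. Even if `ppradhan` is only a sample id, as the added comment says, the service account `165434197229-compute@developer.gserviceaccount.com`, the `airflowUri`, the bucket and GKE cluster names and the `uuid` look like values copied from a live deployment, so they disclose that environment's details and tie the control to a single project. Build the paths from the input, e.g. `"parent": "projects/#{gcp_project_id}/locations/asia-east2"`, and keep only the fields the expectations actually read. The negative case `parent: "projects/ppradhan/locations/us-east2"` needs the same change. The singular control's fixture and the trimmed fixtures in patch 14/16 (both control files) carry the same `projects/ppradhan/...` paths.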
Signed-off-by: Sonu Saha --- .../google_composer_project_location_environment.md | 13 ++++++++----- ...google_composer_project_location_environments.md | 6 ++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/docs/resources/google_composer_project_location_environment.md b/docs/resources/google_composer_project_location_environment.md index fec74bbc0..eddffc04d 100644 --- a/docs/resources/google_composer_project_location_environment.md +++ b/docs/resources/google_composer_project_location_environment.md @@ -15,7 +15,10 @@ describe google_composer_project_location_environment(name: ' value_name') do its('state') { should cmp 'value_state' } its('create_time') { should cmp 'value_createtime' } its('update_time') { should cmp 'value_updatetime' } - + its('satisfies_pzs') { should cmp 'value_satisfies_pzs' } + its('config.gke_cluster') { should cmp 'value_gke_cluster' } + its('labels.additional_properties') { should cmp label_hash } + its('storage_config.bucket') { should cmp 'value_bucket_id' } end describe google_composer_project_location_environment(name: "does_not_exit") do 
@@ -43,15 +46,15 @@ Properties that can be accessed from the `google_composer_project_location_envir * `airflow_config_overrides`: Optional. Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example "core-dags_are_paused_at_creation". Section names must not contain hyphens ("-"), opening square brackets ("["), or closing square brackets ("]"). The property name must not be empty and must not contain an equals sign ("=") or semicolon (";"). Section and property names must not contain a period ("."). Apache Airflow configuration property names must be written in [snake_case](https://en.wikipedia.org/wiki/Snake_case). Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are [blocked](/composer/docs/concepts/airflow-configurations), and cannot be overridden. - * `additional_properties`: + * `additional_properties`: * `pypi_packages`: Optional. Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name such as "numpy" and values are the lowercase extras and version specifier such as "==1.12.0", "[devel,gcp_api]", or "[devel]>=1.8.2, <1.9.2". To specify a package without pinning it to a version specifier, use the empty string as the value. - * `additional_properties`: + * `additional_properties`: * `env_variables`: Optional. Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression `a-zA-Z_*`. 
They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression `AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+`), and they cannot match any of the following reserved names: * `AIRFLOW_HOME` * `C_FORCE_ROOT` * `CONTAINER_NAME` * `DAGS_FOLDER` * `GCP_PROJECT` * `GCS_BUCKET` * `GKE_CLUSTER_NAME` * `SQL_DATABASE` * `SQL_INSTANCE` * `SQL_PASSWORD` * `SQL_PROJECT` * `SQL_REGION` * `SQL_USER` - * `additional_properties`: + * `additional_properties`: * `python_version`: Optional. The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '3'. Cannot be updated. This field is only supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3. @@ -248,7 +251,7 @@ Properties that can be accessed from the `google_composer_project_location_envir * `labels`: Optional. User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: * Keys must conform to regexp: \p{Ll}\p{Lo}{0,62} * Values must conform to regexp: [\p{Ll}\p{Lo}\p{N}_-]{0,63} * Both keys and values are additionally constrained to be <= 128 bytes in size. - * `additional_properties`: + * `additional_properties`: * `satisfies_pzs`: Output only. Reserved for future use. diff --git a/docs/resources/google_composer_project_location_environments.md b/docs/resources/google_composer_project_location_environments.md index a14578e87..5f8268837 100644 --- a/docs/resources/google_composer_project_location_environments.md +++ b/docs/resources/google_composer_project_location_environments.md 
@@ -10,6 +10,12 @@ A `google_composer_project_location_environments` is used to test a Google Proje ``` describe google_composer_project_location_environments(parent: ' value_parent') do it { should exist } + its('name') { should include('value_name') } + its('uuid') { should include('value_uuid') } + its('state') { should include('value_state') } + its('create_time') { should include('value_createtime') } + its('update_time') { should include('value_updatetime') } + its('satisfies_pzs') { should include('value_satisfies_pzs') } end ``` From 0bf1a48995a0e3b72b421412a532da921b695191 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Wed, 6 Dec 2023 16:20:44 +0530 Subject: [PATCH 11/16] docs: update root readme with google_composer_project_location_environment(s) resource Signed-off-by: Sonu Saha --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e9dde7920..825ddf82b 100644 --- a/README.md +++ b/README.md 
@@ -373,6 +373,7 @@ The following resources are available in the InSpec GCP Profile | [google_vertex_ai_tensorboard_experiment_run](docs/resources/google_vertex_ai_tensorboard_experiment_run.md) | [google_vertex_ai_tensorboard_experiment_runs](docs/resources/google_vertex_ai_tensorboard_experiment_runs.md) | | [google_vertex_ai_tensorboard_experiment_run_time_series_resource](docs/resources/google_vertex_ai_tensorboard_experiment_run_time_series_resource.md) | [google_vertex_ai_tensorboard_experiment_run_time_series_resources](docs/resources/google_vertex_ai_tensorboard_experiment_run_time_series_resources.md) | | [google_vertex_ai_training_pipeline](docs/resources/google_vertex_ai_training_pipeline.md) | [google_vertex_ai_training_pipelines](docs/resources/google_vertex_ai_training_pipelines.md) | +| [google_composer_project_location_environment](docs/resources/google_composer_project_location_environment.md) | [google_composer_project_location_environments](docs/resources/google_composer_project_location_environment.md) | ## Examples From 09f2defec9676519551a52a88dbbd08187128a30 Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Wed, 6 Dec 2023 16:24:48 +0000 Subject: [PATCH 12/16] Bump version to 1.11.57 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78c3a667e..779b21ca7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,11 +1,16 @@ # Change Log - + +## [v1.11.57](https://github.com/inspec/inspec-gcp/tree/v1.11.57) (2023-12-06) + +#### Merged Pull Requests +- chore: uncomment terraform scripts [#549](https://github.com/inspec/inspec-gcp/pull/549) ([ahasunos](https://github.com/ahasunos)) + + ## [v1.11.56](https://github.com/inspec/inspec-gcp/tree/v1.11.56) (2023-12-06) #### Merged Pull Requests - CHEF-7369 Updated dataproc_cluster resource [#545](https://github.com/inspec/inspec-gcp/pull/545) ([Nik08](https://github.com/Nik08)) - ## [v1.11.55](https://github.com/inspec/inspec-gcp/tree/v1.11.55) (2023-12-05) diff --git a/VERSION b/VERSION index 0c9970226..74c9c4059 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.56 \ No newline at end of file +1.11.57 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index e715b0e52..39dff58cd 100644 --- a/inspec.yml +++ b/inspec.yml @@ -4,7 +4,7 @@ maintainer: spaterson@chef.io,russell.seymour@turtlesystems.co.uk summary: This resource pack provides compliance resources_old_ignore for Google Cloud Platform copyright: spaterson@chef.io,russell.seymour@turtlesystems.co.uk copyright_email: spaterson@chef.io,russell.seymour@turtlesystems.co.uk -version: 1.11.56 +version: 1.11.57 license: Apache-2.0 inspec_version: '>= 4.7.3' supports: From 646b0d950307804eb38bd127c3b17ffb379c288e Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Thu, 7 Dec 2023 16:36:55 +0530 Subject: [PATCH 13/16] iac: add terraform script for google_composer_v1_environment resource Signed-off-by: Sonu Saha --- test/integration/build/gcp-mm.tf | 13 +++++++++++++ test/integration/configuration/mm-attributes.yml | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 748179b4c..12f43a6bd 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf 
@@ -216,6 +216,9 @@ variable "scheduler_job" { type = any } +variable "cloud_composer" { + type = any +} resource "google_compute_ssl_policy" "custom-ssl-policy" { name = var.ssl_policy["name"] @@ -1552,3 +1555,13 @@ resource "google_vertex_ai_index" "index" { } index_update_method = "STREAM_UPDATE" } + +resource "google_composer_v1_environment" "test" { + name = var.cloud_composer_v1["name"] + region = var.cloud_composer_v1["region"] + config { + software_config { + image_version = var.cloud_composer_v1["image_version"] + } + } +} diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index db5c85cba..37074e018 100644 --- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml @@ -557,3 +557,8 @@ dlp: name: "dlp-template-inspec" location: "europe-west2" type: "Infotype" + +cloud_composer_v1: + name : "example-composer-env" + region : "us-central1" + image_version : "composer-1.20.12-airflow-2.4.3" From 8ba78c003818fd8769ba11661eabf1b6ecabe17a Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Thu, 7 Dec 2023 16:37:43 +0530 Subject: [PATCH 14/16] specs: update test to match terraform deployed resource name Signed-off-by: Sonu Saha --- ...e_composer_project_location_environment.rb | 75 +------------------ ..._composer_project_location_environments.rb | 73 +----------------- 2 files changed, 5 insertions(+), 143 deletions(-) diff --git a/test/integration/verify/controls/google_composer_project_location_environment.rb b/test/integration/verify/controls/google_composer_project_location_environment.rb index d42da7437..661995fe6 100644 --- a/test/integration/verify/controls/google_composer_project_location_environment.rb +++ b/test/integration/verify/controls/google_composer_project_location_environment.rb 
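Review bot: The new Composer environment resource in the `@@ -1552,3 +1555,13 @@` hunk sets only `name`, `region` and `image_version`, so everything else is left at provider defaults. The fixture recorded earlier in this series labels `0.0.0.0/0` and `::0/0` as the default web-server allow list and shows the default compute service account with the `cloud-platform` scope, so the test environment presumably comes up with its Airflow web server reachable from any address. Restricting the allow list explicitly (sketch below) and giving the environment a dedicated service account under `node_config` would keep the test deployment from being that exposed. Separately, I do not recognise `google_composer_v1_environment` as a resource type in the Google provider, where the Composer resource is `google_composer_environment`; worth confirming with `terraform validate`.

```hcl
  config {
    # … unchanged: software_config …
    # constructed example: "allowed_cidr" is a placeholder key, not present in mm-attributes.yml
    web_server_network_access_control {
      allowed_ip_range {
        value       = var.cloud_composer_v1["allowed_cidr"]
        description = "integration test runner"
      }
    }
  }
```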
@@ -16,74 +16,10 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') -# here ppradhan is a sample project id in the parent and name field - project_location_environment = input('project_location_environment', value: { - "parent": "projects/ppradhan/locations/asia-east2", - "name": "projects/ppradhan/locations/asia-east2/environments/inspec-test-composer-2", - "config": { - "gkeCluster": "projects/ppradhan/zones/asia-east2-a/clusters/asia-east2-inspec-test-comp-88997323-gke", - "dagGcsPrefix": "gs://asia-east2-inspec-test-comp-88997323-bucket/dags", - "nodeCount": 3, - "softwareConfig": { - "imageVersion": "composer-1.20.12-airflow-2.4.3", - "pythonVersion": "3", - "schedulerCount": 1 - }, - "nodeConfig": { - "location": "projects/ppradhan/zones/asia-east2-a", - "machineType": "projects/ppradhan/zones/asia-east2-a/machineTypes/n1-standard-1", - "network": "projects/ppradhan/global/networks/default", - "diskSizeGb": 100, - "oauthScopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "serviceAccount": "165434197229-compute@developer.gserviceaccount.com", - "ipAllocationPolicy": {} - }, - "airflowUri": "https://ue20b0f31e51f44b8p-tp.appspot.com", - "privateEnvironmentConfig": { - "privateClusterConfig": {}, - "webServerIpv4CidrBlock": "172.31.255.0/24", - "cloudSqlIpv4CidrBlock": "10.0.0.0/12" - }, - "webServerNetworkAccessControl": { - "allowedIpRanges": [ - { - "value": "0.0.0.0/0", - "description": "Allows access from all IPv4 addresses (default value)" - }, - { - "value": "::0/0", - "description": "Allows access from all IPv6 addresses (default value)" - } - ] - }, - "databaseConfig": { - "machineType": "db-n1-standard-2" - }, - "webServerConfig": { - "machineType": "composer-n1-webserver-2" - }, - "encryptionConfig": {}, - "maintenanceWindow": { - "startTime": "2023-12-04T18:30:00Z", - "endTime": "2023-12-04T22:30:00Z", - "recurrence": "FREQ=WEEKLY;BYDAY=TH,FR,SA" - }, - "workloadsConfig": 
{} - }, - "labels": { - "user": "inspec", - "org": "chef", - }, - "uuid": "e117678d-9dbf-4fe2-8bb0-888efb9bc97e", + "parent": "projects/ppradhan/locations/us-central1", + "name": "projects/ppradhan/locations/us-central1/environments/example-composer-env", "state": "RUNNING", - "createTime": "2023-12-05T07:45:52.257367Z", - "updateTime": "2023-12-05T10:06:10.077790Z", - "storageConfig": { - "bucket": "asia-east2-inspec-test-comp-88997323-bucket" - }, }, description: 'project_location_environment description') @@ -94,14 +30,7 @@ describe google_composer_project_location_environment(name: project_location_environment['name']) do it { should exist } its('name') { should cmp project_location_environment['name'] } - its('uuid') { should cmp project_location_environment['uuid'] } its('state') { should cmp project_location_environment['state'] } - its('create_time') { should cmp project_location_environment['createTime'] } - its('update_time') { should cmp project_location_environment['updateTime'] } - its('config.gke_cluster') { should cmp project_location_environment['config'][:gkeCluster] } - its('labels.additional_properties') { should cmp project_location_environment['labels'].transform_keys(&:to_s) } - its('satisfies_pzs') { should cmp project_location_environment['satisfies_pzs'] } - its('storage_config.bucket') { should cmp project_location_environment['storageConfig'][:bucket] } end describe google_composer_project_location_environment(name: "does_not_exist") do diff --git a/test/integration/verify/controls/google_composer_project_location_environments.rb b/test/integration/verify/controls/google_composer_project_location_environments.rb index af0793125..fad86ee6f 100644 --- a/test/integration/verify/controls/google_composer_project_location_environments.rb +++ b/test/integration/verify/controls/google_composer_project_location_environments.rb 
@@ -16,85 +16,18 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') -# here ppradhan is a sample project id in the parent and name field project_location_environment = input('project_location_environment', value: { - "parent": "projects/ppradhan/locations/asia-east2", - "name": "projects/ppradhan/locations/asia-east2/environments/inspec-test-composer-2", - "config": { - "gkeCluster": "projects/ppradhan/zones/asia-east2-a/clusters/asia-east2-inspec-test-comp-88997323-gke", - "dagGcsPrefix": "gs://asia-east2-inspec-test-comp-88997323-bucket/dags", - "nodeCount": 3, - "softwareConfig": { - "imageVersion": "composer-1.20.12-airflow-2.4.3", - "pythonVersion": "3", - "schedulerCount": 1 - }, - "nodeConfig": { - "location": "projects/ppradhan/zones/asia-east2-a", - "machineType": "projects/ppradhan/zones/asia-east2-a/machineTypes/n1-standard-1", - "network": "projects/ppradhan/global/networks/default", - "diskSizeGb": 100, - "oauthScopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "serviceAccount": "165434197229-compute@developer.gserviceaccount.com", - "ipAllocationPolicy": {} - }, - "airflowUri": "https://ue20b0f31e51f44b8p-tp.appspot.com", - "privateEnvironmentConfig": { - "privateClusterConfig": {}, - "webServerIpv4CidrBlock": "172.31.255.0/24", - "cloudSqlIpv4CidrBlock": "10.0.0.0/12" - }, - "webServerNetworkAccessControl": { - "allowedIpRanges": [ - { - "value": "0.0.0.0/0", - "description": "Allows access from all IPv4 addresses (default value)" - }, - { - "value": "::0/0", - "description": "Allows access from all IPv6 addresses (default value)" - } - ] - }, - "databaseConfig": { - "machineType": "db-n1-standard-2" - }, - "webServerConfig": { - "machineType": "composer-n1-webserver-2" - }, - "encryptionConfig": {}, - "maintenanceWindow": { - "startTime": "2023-12-04T18:30:00Z", - "endTime": "2023-12-04T22:30:00Z", - "recurrence": "FREQ=WEEKLY;BYDAY=TH,FR,SA" - }, - "workloadsConfig": {} 
- }, - "labels": { - "user": "inspec", - "org": "chef", - }, - "uuid": "e117678d-9dbf-4fe2-8bb0-888efb9bc97e", + "parent": "projects/ppradhan/locations/us-central1", + "name": "projects/ppradhan/locations/us-central1/environments/example-composer-env", "state": "RUNNING", - "createTime": "2023-12-05T07:45:52.257367Z", - "updateTime": "2023-12-05T10:06:10.077790Z", - "storageConfig": { - "bucket": "asia-east2-inspec-test-comp-88997323-bucket" - }, }, description: 'project_location_environment description') control 'google_composer_project_location_environments-2.0' do describe google_composer_project_location_environments(parent: project_location_environment['parent']) do - it { should exist } + it { should exist } its('names') { should include(project_location_environment['name']) } - its('uuids') { should include(project_location_environment['uuid']) } its('states') { should include(project_location_environment['state']) } - its('create_times') { should include(project_location_environment['createTime']) } - its('update_times') { should include(project_location_environment['updateTime']) } - its('satisfies_pzs') { should include(project_location_environment['satisfies_pzs']) } end describe google_composer_project_location_environments(parent: "projects/ppradhan/locations/us-east2") do From 1dbf694bd846c3c3e1b1749e60c69e15e1a5bc74 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Thu, 7 Dec 2023 16:39:33 +0530 Subject: [PATCH 15/16] fix: correct variable name for cloud_composer_v1 Signed-off-by: Sonu Saha --- test/integration/build/gcp-mm.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 12f43a6bd..02e4b7abc 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -216,7 +216,7 @@ variable "scheduler_job" { type = any } -variable "cloud_composer" { +variable "cloud_composer_v1" { type = any } 
From 4a3afa6a25ee711ee63e5b52c40a8b663bdcca1d Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Fri, 8 Dec 2023 07:45:39 +0000 Subject: [PATCH 16/16] Bump version to 1.11.58 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 9 +++++++-- VERSION | 2 +- inspec.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 779b21ca7..2fd5d6679 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,16 @@ # Change Log - + +## [v1.11.58](https://github.com/inspec/inspec-gcp/tree/v1.11.58) (2023-12-08) + +#### Merged Pull Requests +- CHEF-7364-MAGIC-MODULE-composer-Projects__locations__environment - Resource Implementation [#546](https://github.com/inspec/inspec-gcp/pull/546) ([sa-progress](https://github.com/sa-progress)) + + ## [v1.11.57](https://github.com/inspec/inspec-gcp/tree/v1.11.57) (2023-12-06) #### Merged Pull Requests - chore: uncomment terraform scripts [#549](https://github.com/inspec/inspec-gcp/pull/549) ([ahasunos](https://github.com/ahasunos)) - ## [v1.11.56](https://github.com/inspec/inspec-gcp/tree/v1.11.56) (2023-12-06) diff --git a/VERSION b/VERSION index 74c9c4059..ceddaaf6a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.57 \ No newline at end of file +1.11.58 \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index 39dff58cd..ad8010fd4 100644 --- a/inspec.yml +++ b/inspec.yml @@ -4,7 +4,7 @@ maintainer: spaterson@chef.io,russell.seymour@turtlesystems.co.uk summary: This resource pack provides compliance resources_old_ignore for Google Cloud Platform copyright: spaterson@chef.io,russell.seymour@turtlesystems.co.uk copyright_email: spaterson@chef.io,russell.seymour@turtlesystems.co.uk -version: 1.11.57 +version: 1.11.58 license: Apache-2.0 inspec_version: '>= 4.7.3' supports: