From d7e2ee013298867e44c37a9f27e92cda76c70edd Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 19:59:41 +0300 Subject: [PATCH 01/16] TF12upgrade bastion module --- modules/bastion-host/main.tf | 21 ++++++++++++++------- modules/bastion-host/outputs.tf | 5 +++-- modules/bastion-host/variables.tf | 1 + 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/modules/bastion-host/main.tf b/modules/bastion-host/main.tf index 68091b9..4c21e1e 100644 --- a/modules/bastion-host/main.tf +++ b/modules/bastion-host/main.tf @@ -1,28 +1,35 @@ +terraform { + # This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # Create an instance with OS Login configured to use as a bastion host. # --------------------------------------------------------------------------------------------------------------------- resource "google_compute_instance" "bastion_host" { - name = "${var.instance_name}" - machine_type = "${var.machine_type}" - zone = "${var.zone}" + name = var.instance_name + machine_type = var.machine_type + zone = var.zone - tags = ["${var.tag}"] + tags = [var.tag] boot_disk { initialize_params { - image = "${var.source_image}" + image = var.source_image } } network_interface { - subnetwork = "${var.subnetwork}" + subnetwork = var.subnetwork // Provide an empty access_config block to receive an ephemeral IP - access_config {} + access_config { + } } metadata = { enable-oslogin = "TRUE" } } + diff --git a/modules/bastion-host/outputs.tf b/modules/bastion-host/outputs.tf index f319fe9..f78819f 100644 --- a/modules/bastion-host/outputs.tf +++ b/modules/bastion-host/outputs.tf 
@@ -1,9 +1,10 @@ output "instance" { description = "A reference (self_link) to the bastion host's VM instance" - value = "${google_compute_instance.bastion_host.self_link}" + value = google_compute_instance.bastion_host.self_link } output "address" { description = "The public IP of the bastion host." - value = "${google_compute_instance.bastion_host.network_interface.0.access_config.0.nat_ip}" + value = google_compute_instance.bastion_host.network_interface[0].access_config[0].nat_ip } + diff --git a/modules/bastion-host/variables.tf b/modules/bastion-host/variables.tf index 08fbfcb..f6fa755 100644 --- a/modules/bastion-host/variables.tf +++ b/modules/bastion-host/variables.tf @@ -38,3 +38,4 @@ variable "source_image" { description = "The source image to build the VM using. Specified by path reference or by {{project}}/{{image-family}}" default = "gce-uefi-images/ubuntu-1804-lts" } + From 0dda2787a7fc7fa52162532158dabc94a1d0ae23 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:01:22 +0300 Subject: [PATCH 02/16] TF12upgrade firewall module --- modules/network-firewall/main.tf | 38 ++++++++++++++++----------- modules/network-firewall/outputs.tf | 7 ++--- modules/network-firewall/variables.tf | 1 + 3 files changed, 27 insertions(+), 19 deletions(-) diff --git a/modules/network-firewall/main.tf b/modules/network-firewall/main.tf index 18cf0c6..764d4c9 100644 --- a/modules/network-firewall/main.tf +++ b/modules/network-firewall/main.tf 
@@ -1,9 +1,14 @@ +terraform { + # This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. + required_version = ">= 0.12" +} + data "google_compute_subnetwork" "public_subnetwork" { - self_link = "${var.public_subnetwork}" + self_link = var.public_subnetwork } data "google_compute_subnetwork" "private_subnetwork" { - self_link = "${var.public_subnetwork}" + self_link = var.public_subnetwork } // Define tags as locals so they can be interpolated off of + exported @@ -20,10 +25,10 @@ locals { resource "google_compute_firewall" "public_allow_all_inbound" { name = "${var.name_prefix}-public-allow-ingress" - project = "${var.project}" - network = "${var.network}" + project = var.project + network = var.network - target_tags = ["${local.public}"] + target_tags = [local.public] direction = "INGRESS" source_ranges = ["0.0.0.0/0"] @@ -41,17 +46,17 @@ resource "google_compute_firewall" "public_allow_all_inbound" { resource "google_compute_firewall" "private_allow_all_network_inbound" { name = "${var.name_prefix}-private-allow-ingress" - project = "${var.project}" - network = "${var.network}" + project = var.project + network = var.network - target_tags = ["${local.private}"] + target_tags = [local.private] direction = "INGRESS" source_ranges = [ - "${data.google_compute_subnetwork.public_subnetwork.ip_cidr_range}", - "${data.google_compute_subnetwork.public_subnetwork.secondary_ip_range.0.ip_cidr_range}", - "${data.google_compute_subnetwork.private_subnetwork.ip_cidr_range}", - "${data.google_compute_subnetwork.private_subnetwork.secondary_ip_range.0.ip_cidr_range}", + data.google_compute_subnetwork.public_subnetwork.ip_cidr_range, + data.google_compute_subnetwork.public_subnetwork.secondary_ip_range[0].ip_cidr_range, + data.google_compute_subnetwork.private_subnetwork.ip_cidr_range, + data.google_compute_subnetwork.private_subnetwork.secondary_ip_range[0].ip_cidr_range, ] priority = "1000" 
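Review bot: The `private_subnetwork` data source in the first hunk of modules/network-firewall/main.tf still reads `self_link = var.public_subnetwork`, so the syntax upgrade carries a copy-paste error forward; it should be `self_link = var.private_subnetwork`. As written, the `source_ranges` list in the `@@ -41,17 +46,17 @@` hunk resolves both its "public" and "private" entries to the public subnetwork's ranges. The private subnetwork's primary and secondary CIDRs are therefore never admitted by `private_allow_all_network_inbound`. The vpc-network module does pass `private_subnetwork` into this module, but the variable's declaration is outside the visible hunks, so confirm it exists before switching the reference.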
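Review bot: `public_allow_all_inbound` in the `@@ -20,10 +25,10 @@` hunk keeps `source_ranges = ["0.0.0.0/0"]` with no comment explaining the exposure, and the upgrade is a good moment to document it. Every instance tagged with `local.public` accepts traffic from any address under this rule; the `allow` block sits outside the hunk, so the protocols and ports it opens cannot be confirmed from here. I would add above the line `# Deliberately open to any source: instances carrying the public tag are internet-facing and must be hardened accordingly`, or expose the range as a variable so callers can narrow it.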
@@ -68,14 +73,14 @@ resource "google_compute_firewall" "private_allow_all_network_inbound" { resource "google_compute_firewall" "private_allow_restricted_network_inbound" { name = "${var.name_prefix}-allow-restricted-inbound" - project = "${var.project}" - network = "${var.network}" + project = var.project + network = var.network - target_tags = ["${local.private_persistence}"] + target_tags = [local.private_persistence] direction = "INGRESS" # source_tags is implicitly within this network; tags are only applied to instances that rest within the same network - source_tags = ["${local.private}", "${local.private_persistence}"] + source_tags = [local.private, local.private_persistence] priority = "1000" @@ -83,3 +88,4 @@ resource "google_compute_firewall" "private_allow_restricted_network_inbound" { protocol = "all" } } + diff --git a/modules/network-firewall/outputs.tf b/modules/network-firewall/outputs.tf index e434d80..cc47fae 100644 --- a/modules/network-firewall/outputs.tf +++ b/modules/network-firewall/outputs.tf @@ -1,14 +1,15 @@ output "public" { description = "The string of the public tag" - value = "${local.public}" + value = local.public } output "private" { description = "The string of the private tag" - value = "${local.private}" + value = local.private } output "private_persistence" { description = "The string of the private-persistence tag" - value = "${local.private_persistence}" + value = local.private_persistence } + diff --git a/modules/network-firewall/variables.tf b/modules/network-firewall/variables.tf index bbb3d88..ede5add 100644 --- a/modules/network-firewall/variables.tf +++ b/modules/network-firewall/variables.tf @@ -22,3 +22,4 @@ variable "project" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." } + From 144ca4b08ea399b3e1d64694d5422894055319d1 Mon Sep 17 00:00:00 2001 
From: Petri Autero Date: Wed, 5 Jun 2019 20:02:17 +0300 Subject: [PATCH 03/16] TF12upgrade peering module --- modules/network-peering/main.tf | 14 ++++++++++---- modules/network-peering/outputs.tf | 1 - modules/network-peering/variables.tf | 3 ++- 3 files changed, 12 insertions(+), 6 deletions(-) delete mode 100644 modules/network-peering/outputs.tf diff --git a/modules/network-peering/main.tf b/modules/network-peering/main.tf index 9cbd855..efcb081 100644 --- a/modules/network-peering/main.tf +++ b/modules/network-peering/main.tf @@ -1,11 +1,17 @@ +terraform { + # This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. + required_version = ">= 0.12" +} + resource "google_compute_network_peering" "first" { name = "${var.name_prefix}-first" - network = "${var.first_network}" - peer_network = "${var.second_network}" + network = var.first_network + peer_network = var.second_network } resource "google_compute_network_peering" "second" { name = "${var.name_prefix}-second" - network = "${var.second_network}" - peer_network = "${var.first_network}" + network = var.second_network + peer_network = var.first_network } + diff --git a/modules/network-peering/outputs.tf b/modules/network-peering/outputs.tf deleted file mode 100644 index 8b13789..0000000 --- a/modules/network-peering/outputs.tf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/modules/network-peering/variables.tf b/modules/network-peering/variables.tf index 437412f..f8d7201 100644 --- a/modules/network-peering/variables.tf +++ b/modules/network-peering/variables.tf @@ -18,5 +18,6 @@ variable "second_network" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." - value = "peering" + default = "peering" } + From 8f5460d7c8ea998c0174e3ff13cc8fd90242cfc9 Mon Sep 17 00:00:00 2001 
From: Petri Autero Date: Wed, 5 Jun 2019 20:02:50 +0300 Subject: [PATCH 04/16] TF12upgrade host-config module --- modules/project-host-configuration/main.tf | 7 ++++++- modules/project-host-configuration/outputs.tf | 1 - modules/project-host-configuration/variables.tf | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) delete mode 100644 modules/project-host-configuration/outputs.tf diff --git a/modules/project-host-configuration/main.tf b/modules/project-host-configuration/main.tf index 2c5113d..007c7fe 100644 --- a/modules/project-host-configuration/main.tf +++ b/modules/project-host-configuration/main.tf @@ -1,3 +1,8 @@ +terraform { + # This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. + required_version = ">= 0.12" +} + resource "google_compute_shared_vpc_host_project" "host" { - project = "${var.project}" + project = var.project } diff --git a/modules/project-host-configuration/outputs.tf b/modules/project-host-configuration/outputs.tf deleted file mode 100644 index 8b13789..0000000 --- a/modules/project-host-configuration/outputs.tf +++ /dev/null @@ -1 +0,0 @@ - diff --git a/modules/project-host-configuration/variables.tf b/modules/project-host-configuration/variables.tf index e325b26..e014a27 100644 --- a/modules/project-host-configuration/variables.tf +++ b/modules/project-host-configuration/variables.tf @@ -6,3 +6,4 @@ variable "project" { description = "The project ID for the project to enable as a host project" } + From 93dd36fe60918f9ee2f8b0d765cea98b2a2a0476 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:07:38 +0300 Subject: [PATCH 05/16] TF12upgrade vpc-network module --- modules/vpc-network/main.tf | 72 ++++++++++++++++++++------------ modules/vpc-network/outputs.tf | 33 ++++++++------- modules/vpc-network/variables.tf | 11 ++--- 3 files changed, 68 insertions(+), 48 deletions(-) 
diff --git a/modules/vpc-network/main.tf b/modules/vpc-network/main.tf index 6992cac..7527bbd 100644 --- a/modules/vpc-network/main.tf +++ b/modules/vpc-network/main.tf @@ -1,3 +1,8 @@ +terraform { + # This module has been updated with 0.12 syntax, which means it is no longer compatible with any versions below 0.12. + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # Create the Network & corresponding Router to attach other resources to # Networks that preserve the default route are automatically enabled for Private Google Access to GCP services @@ -6,7 +11,7 @@ resource "google_compute_network" "vpc" { name = "${var.name_prefix}-network" - project = "${var.project}" + project = var.project # Always define custom subnetworks- one subnetwork per region isn't useful for an opinionated setup auto_create_subnetworks = "false" @@ -18,9 +23,9 @@ resource "google_compute_network" "vpc" { resource "google_compute_router" "vpc_router" { name = "${var.name_prefix}-router" - project = "${var.project}" - region = "${var.region}" - network = "${google_compute_network.vpc.self_link}" + project = var.project + region = var.region + network = google_compute_network.vpc.self_link } # --------------------------------------------------------------------------------------------------------------------- 
@@ -32,27 +37,31 @@ resource "google_compute_router" "vpc_router" { resource "google_compute_subnetwork" "vpc_subnetwork_public" { name = "${var.name_prefix}-subnetwork-public" - project = "${var.project}" - region = "${var.region}" - network = "${google_compute_network.vpc.self_link}" + project = var.project + region = var.region + network = google_compute_network.vpc.self_link private_ip_google_access = true - ip_cidr_range = "${cidrsubnet(var.cidr_block, var.cidr_subnetwork_width_delta, 0)}" + ip_cidr_range = cidrsubnet(var.cidr_block, var.cidr_subnetwork_width_delta, 0) secondary_ip_range { - range_name = "public-services" - ip_cidr_range = "${cidrsubnet(var.secondary_cidr_block, var.secondary_cidr_subnetwork_width_delta, 0)}" + range_name = "public-services" + ip_cidr_range = cidrsubnet( + var.secondary_cidr_block, + var.secondary_cidr_subnetwork_width_delta, + 0 + ) } - enable_flow_logs = "${var.enable_flow_logging}" + enable_flow_logs = var.enable_flow_logging } resource "google_compute_router_nat" "vpc_nat" { name = "${var.name_prefix}-nat" - project = "${var.project}" - region = "${var.region}" - router = "${google_compute_router.vpc_router.name}" + project = var.project + region = var.region + router = google_compute_router.vpc_router.name nat_ip_allocate_option = "AUTO_ONLY" @@ -60,7 +69,7 @@ resource "google_compute_router_nat" "vpc_nat" { source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" subnetwork { - name = "${google_compute_subnetwork.vpc_subnetwork_public.self_link}" + name = google_compute_subnetwork.vpc_subnetwork_public.self_link source_ip_ranges_to_nat = ["ALL_IP_RANGES"] } } 
@@ -72,19 +81,27 @@ resource "google_compute_router_nat" "vpc_nat" { resource "google_compute_subnetwork" "vpc_subnetwork_private" { name = "${var.name_prefix}-subnetwork-private" - project = "${var.project}" - region = "${var.region}" - network = "${google_compute_network.vpc.self_link}" + project = var.project + region = var.region + network = google_compute_network.vpc.self_link private_ip_google_access = true - ip_cidr_range = "${cidrsubnet(var.cidr_block, var.cidr_subnetwork_width_delta, 1 * (1 + var.cidr_subnetwork_spacing))}" + ip_cidr_range = cidrsubnet( + var.cidr_block, + var.cidr_subnetwork_width_delta, + 1 * (1 + var.cidr_subnetwork_spacing) + ) secondary_ip_range { - range_name = "private-services" - ip_cidr_range = "${cidrsubnet(var.secondary_cidr_block, var.secondary_cidr_subnetwork_width_delta, 1 * (1 + var.secondary_cidr_subnetwork_spacing))}" + range_name = "private-services" + ip_cidr_range = cidrsubnet( + var.secondary_cidr_block, + var.secondary_cidr_subnetwork_width_delta, + 1 * (1 + var.secondary_cidr_subnetwork_spacing) + ) } - enable_flow_logs = "${var.enable_flow_logging}" + enable_flow_logs = var.enable_flow_logging } # --------------------------------------------------------------------------------------------------------------------- @@ -94,11 +111,12 @@ resource "google_compute_subnetwork" "vpc_subnetwork_private" { module "network_firewall" { source = "../network-firewall" - name_prefix = "${var.name_prefix}" + name_prefix = var.name_prefix - project = "${var.project}" - network = "${google_compute_network.vpc.self_link}" + project = var.project + network = google_compute_network.vpc.self_link - public_subnetwork = "${google_compute_subnetwork.vpc_subnetwork_public.self_link}" - private_subnetwork = "${google_compute_subnetwork.vpc_subnetwork_private.self_link}" + public_subnetwork = google_compute_subnetwork.vpc_subnetwork_public.self_link + private_subnetwork = google_compute_subnetwork.vpc_subnetwork_private.self_link } + 
diff --git a/modules/vpc-network/outputs.tf b/modules/vpc-network/outputs.tf index d73f0b5..faf38da 100644 --- a/modules/vpc-network/outputs.tf +++ b/modules/vpc-network/outputs.tf @@ -1,6 +1,6 @@ output "network" { description = "A reference (self_link) to the VPC network" - value = "${google_compute_network.vpc.self_link}" + value = google_compute_network.vpc.self_link } # --------------------------------------------------------------------------------------------------------------------- @@ -9,28 +9,28 @@ output "network" { output "public_subnetwork" { description = "A reference (self_link) to the public subnetwork" - value = "${google_compute_subnetwork.vpc_subnetwork_public.self_link}" + value = google_compute_subnetwork.vpc_subnetwork_public.self_link } output "public_subnetwork_name" { description = "Name of the public subnetwork" - value = "${google_compute_subnetwork.vpc_subnetwork_public.name}" + value = google_compute_subnetwork.vpc_subnetwork_public.name } output "public_subnetwork_cidr_block" { - value = "${google_compute_subnetwork.vpc_subnetwork_public.ip_cidr_range}" + value = google_compute_subnetwork.vpc_subnetwork_public.ip_cidr_range } output "public_subnetwork_gateway" { - value = "${google_compute_subnetwork.vpc_subnetwork_public.gateway_address}" + value = google_compute_subnetwork.vpc_subnetwork_public.gateway_address } output "public_subnetwork_secondary_cidr_block" { - value = "${google_compute_subnetwork.vpc_subnetwork_public.secondary_ip_range.0.ip_cidr_range}" + value = google_compute_subnetwork.vpc_subnetwork_public.secondary_ip_range[0].ip_cidr_range } output "public_subnetwork_secondary_range_name" { - value = "${google_compute_subnetwork.vpc_subnetwork_public.secondary_ip_range.0.range_name}" + value = google_compute_subnetwork.vpc_subnetwork_public.secondary_ip_range[0].range_name } # --------------------------------------------------------------------------------------------------------------------- 
@@ -39,28 +39,28 @@ output "public_subnetwork_secondary_range_name" { output "private_subnetwork" { description = "A reference (self_link) to the private subnetwork" - value = "${google_compute_subnetwork.vpc_subnetwork_private.self_link}" + value = google_compute_subnetwork.vpc_subnetwork_private.self_link } output "private_subnetwork_name" { description = "Name of the private subnetwork" - value = "${google_compute_subnetwork.vpc_subnetwork_private.self_link}" + value = google_compute_subnetwork.vpc_subnetwork_private.self_link } output "private_subnetwork_cidr_block" { - value = "${google_compute_subnetwork.vpc_subnetwork_private.ip_cidr_range}" + value = google_compute_subnetwork.vpc_subnetwork_private.ip_cidr_range } output "private_subnetwork_gateway" { - value = "${google_compute_subnetwork.vpc_subnetwork_private.gateway_address}" + value = google_compute_subnetwork.vpc_subnetwork_private.gateway_address } output "private_subnetwork_secondary_cidr_block" { - value = "${google_compute_subnetwork.vpc_subnetwork_private.secondary_ip_range.0.ip_cidr_range}" + value = google_compute_subnetwork.vpc_subnetwork_private.secondary_ip_range[0].ip_cidr_range } output "private_subnetwork_secondary_range_name" { - value = "${google_compute_subnetwork.vpc_subnetwork_private.secondary_ip_range.0.range_name}" + value = google_compute_subnetwork.vpc_subnetwork_private.secondary_ip_range[0].range_name } # --------------------------------------------------------------------------------------------------------------------- 
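Review bot: `output "private_subnetwork_name"` returns `google_compute_subnetwork.vpc_subnetwork_private.self_link` although its description says "Name of the private subnetwork"; the value should be `google_compute_subnetwork.vpc_subnetwork_private.name`. The public counterpart in the preceding hunk uses `.name`, so a consumer that passes this output where a subnetwork name is expected receives a full self_link instead. The old line had the same value, so this predates the commit, but it is worth fixing while the line is being rewritten.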
@@ -69,15 +69,16 @@ output "private_subnetwork_secondary_range_name" { output "public" { description = "The network tag string used for the public access tier" - value = "${module.network_firewall.public}" + value = module.network_firewall.public } output "private" { description = "The network tag string used for the private access tier" - value = "${module.network_firewall.private}" + value = module.network_firewall.private } output "private_persistence" { description = "The network tag string used for the private-persistence access tier" - value = "${module.network_firewall.private_persistence}" + value = module.network_firewall.private_persistence } + diff --git a/modules/vpc-network/variables.tf b/modules/vpc-network/variables.tf index 81f620c..ffb7860 100644 --- a/modules/vpc-network/variables.tf +++ b/modules/vpc-network/variables.tf @@ -27,12 +27,12 @@ variable "cidr_block" { variable "cidr_subnetwork_width_delta" { description = "The difference between your network and subnetwork netmask; an /16 network and a /20 subnetwork would be 4." - default = "4" + default = 4 } variable "cidr_subnetwork_spacing" { description = "How many subnetwork-mask sized spaces to leave between each subnetwork type." - default = "0" + default = 0 } variable "secondary_cidr_block" { @@ -42,15 +42,16 @@ variable "secondary_cidr_block" { variable "secondary_cidr_subnetwork_width_delta" { description = "The difference between your network and subnetwork's secondary range netmask; an /16 network and a /20 subnetwork would be 4." - default = "4" + default = 4 } variable "secondary_cidr_subnetwork_spacing" { description = "How many subnetwork-mask sized spaces to leave between each subnetwork type's secondary ranges." - default = "0" + default = 0 } variable "enable_flow_logging" { description = "Whether to enable VPC Flow Logs being sent to Stackdriver (https://cloud.google.com/vpc/docs/using-flow-logs)" - default = "true" + default = true } + 
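Review bot: The defaults in modules/vpc-network/variables.tf change from strings to `4`, `0` and `true`, but none of the five variables declares a `type`, so the module still accepts any value and a bad one only surfaces later inside `cidrsubnet` or the provider. Adding `type = number` to the four width-delta and spacing variables and `type = bool` to `enable_flow_logging` would make the contract explicit and reject malformed input at plan time. This applies to both variables.tf hunks (`@@ -27,12 +27,12 @@` and `@@ -42,15 +42,16 @@`).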
From e98aedcb7f675c3de158e377fe3259c3f866a052 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:08:22 +0300 Subject: [PATCH 06/16] Upgrade terratest to latest --- test/Gopkg.lock | 6 +++--- test/Gopkg.toml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/Gopkg.lock b/test/Gopkg.lock index 6d669a5..5b6ffd4 100644 --- a/test/Gopkg.lock +++ b/test/Gopkg.lock @@ -231,7 +231,7 @@ version = "v0.4.2" [[projects]] - digest = "1:653bb665ede505dfaa7345261d8208c9ee8cc5bdbe7e258110ae9807eb34dace" + digest = "1:338e2e6889b617e5478596733b84d50537422088db2a23488d421134fac8780d" name = "github.com/gruntwork-io/terratest" packages = [ "modules/aws", @@ -251,8 +251,8 @@ "modules/test-structure", ] pruneopts = "" - revision = "892abb2c35878d0808101bbfe6559e931dc2d354" - version = "v0.16.0" + revision = "f3916f7a5f58e3fedf603388d3e3e8052d6a47a3" + version = "v0.16.1" [[projects]] digest = "1:85f8f8d390a03287a563e215ea6bd0610c858042731a8b42062435a0dcbc485f" diff --git a/test/Gopkg.toml b/test/Gopkg.toml index bd93bc9..21097b3 100644 --- a/test/Gopkg.toml +++ b/test/Gopkg.toml @@ -23,4 +23,4 @@ [[constraint]] name = "github.com/gruntwork-io/terratest" - version = "0.16.0" + version = "0.16.1" From 128244d65bb249c5cf355ce824e7bd0fb55191fc Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:12:52 +0300 Subject: [PATCH 07/16] TF12upgrade root example --- main.tf | 49 ++++++++++++++++++++++++++++--------------------- outputs.tf | 37 +++++++++++++++++++------------------ variables.tf | 1 + 3 files changed, 48 insertions(+), 39 deletions(-) diff --git a/main.tf b/main.tf index 04d19cb..b539208 100644 --- a/main.tf +++ b/main.tf 
@@ -1,3 +1,9 @@ +terraform { + # The modules used in this example have been updated with 0.12 syntax, which means the example is no longer + # compatible with any versions below 0.12. + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # Create a Management Network for shared services # --------------------------------------------------------------------------------------------------------------------- @@ -8,9 +14,9 @@ module "management_network" { # source = "github.com/gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.1.2" source = "./modules/vpc-network" - name_prefix = "${var.name_prefix}" - project = "${var.project}" - region = "${var.region}" + name_prefix = var.name_prefix + project = var.project + region = var.region } # --------------------------------------------------------------------------------------------------------------------- @@ -18,15 +24,15 @@ module "management_network" { # --------------------------------------------------------------------------------------------------------------------- data "google_compute_zones" "available" { - project = "${var.project}" - region = "${var.region}" + project = var.project + region = var.region } // This instance acts as an arbitrary internet address for testing purposes resource "google_compute_instance" "default_network" { name = "${var.name_prefix}-default-network" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true 
@@ -48,11 +54,11 @@ resource "google_compute_instance" "default_network" { resource "google_compute_instance" "public_with_ip" { name = "${var.name_prefix}-public-with-ip" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.public}"] + tags = [module.management_network.public] boot_disk { initialize_params { @@ -61,7 +67,7 @@ resource "google_compute_instance" "public_with_ip" { } network_interface { - subnetwork = "${module.management_network.public_subnetwork}" + subnetwork = module.management_network.public_subnetwork access_config { // Ephemeral IP @@ -72,11 +78,11 @@ resource "google_compute_instance" "public_with_ip" { resource "google_compute_instance" "public_without_ip" { name = "${var.name_prefix}-public-without-ip" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.public}"] + tags = [module.management_network.public] boot_disk { initialize_params { @@ -85,18 +91,18 @@ resource "google_compute_instance" "public_without_ip" { } network_interface { - subnetwork = "${module.management_network.public_subnetwork}" + subnetwork = module.management_network.public_subnetwork } } resource "google_compute_instance" "private_public" { name = "${var.name_prefix}-private-public" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.private}"] + tags = [module.management_network.private] boot_disk { initialize_params { 
@@ -105,18 +111,18 @@ resource "google_compute_instance" "private_public" { } network_interface { - subnetwork = "${module.management_network.public_subnetwork}" + subnetwork = module.management_network.public_subnetwork } } resource "google_compute_instance" "private" { name = "${var.name_prefix}-private" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.private}"] + tags = [module.management_network.private] boot_disk { initialize_params { @@ -125,18 +131,18 @@ resource "google_compute_instance" "private" { } network_interface { - subnetwork = "${module.management_network.private_subnetwork}" + subnetwork = module.management_network.private_subnetwork } } resource "google_compute_instance" "private_persistence" { name = "${var.name_prefix}-private-persistence" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.private_persistence}"] + tags = [module.management_network.private_persistence] boot_disk { initialize_params { @@ -145,6 +151,7 @@ resource "google_compute_instance" "private_persistence" { } network_interface { - subnetwork = "${module.management_network.private_subnetwork}" + subnetwork = module.management_network.private_subnetwork } } + diff --git a/outputs.tf b/outputs.tf index b3d66bc..8fd8feb 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,6 +1,6 @@ output "network" { description = "A reference (self_link) to the VPC network" - value = "${module.management_network.network}" + value = module.management_network.network } # --------------------------------------------------------------------------------------------------------------------- 
@@ -9,19 +9,19 @@ output "network" { output "public_subnetwork" { description = "A reference (self_link) to the public subnetwork" - value = "${module.management_network.public_subnetwork}" + value = module.management_network.public_subnetwork } output "public_subnetwork_cidr_block" { - value = "${module.management_network.public_subnetwork_cidr_block}" + value = module.management_network.public_subnetwork_cidr_block } output "public_subnetwork_gateway" { - value = "${module.management_network.public_subnetwork_gateway}" + value = module.management_network.public_subnetwork_gateway } output "public_subnetwork_secondary_cidr_block" { - value = "${module.management_network.public_subnetwork_secondary_cidr_block}" + value = module.management_network.public_subnetwork_secondary_cidr_block } # --------------------------------------------------------------------------------------------------------------------- @@ -30,19 +30,19 @@ output "public_subnetwork_secondary_cidr_block" { output "private_subnetwork" { description = "A reference (self_link) to the private subnetwork" - value = "${module.management_network.private_subnetwork}" + value = module.management_network.private_subnetwork } output "private_subnetwork_cidr_block" { - value = "${module.management_network.private_subnetwork_cidr_block}" + value = module.management_network.private_subnetwork_cidr_block } output "private_subnetwork_gateway" { - value = "${module.management_network.private_subnetwork_gateway}" + value = module.management_network.private_subnetwork_gateway } output "private_subnetwork_secondary_cidr_block" { - value = "${module.management_network.private_subnetwork_secondary_cidr_block}" + value = module.management_network.private_subnetwork_secondary_cidr_block } # --------------------------------------------------------------------------------------------------------------------- 
@@ -51,17 +51,17 @@ output "private_subnetwork_secondary_cidr_block" { output "public" { description = "The network tag string used for the public access tier" - value = "${module.management_network.public}" + value = module.management_network.public } output "private" { description = "The network tag string used for the private access tier" - value = "${module.management_network.private}" + value = module.management_network.private } output "private_persistence" { description = "The network tag string used for the private-persistence access tier" - value = "${module.management_network.private_persistence}" + value = module.management_network.private_persistence } # --------------------------------------------------------------------------------------------------------------------- 
@@ -70,30 +70,31 @@ output "private_persistence" { output "instance_default_network" { description = "A reference (self link) to an instance in the default network. Note that the default network allows SSH." - value = "${google_compute_instance.default_network.self_link}" + value = google_compute_instance.default_network.self_link } output "instance_public_with_ip" { description = "A reference (self link) to the instance tagged as public in a public subnetwork with an external IP" - value = "${google_compute_instance.public_with_ip.self_link}" + value = google_compute_instance.public_with_ip.self_link } output "instance_public_without_ip" { description = "A reference (self link) to the instance tagged as public in a public subnetwork without an internet IP" - value = "${google_compute_instance.public_without_ip.self_link}" + value = google_compute_instance.public_without_ip.self_link } output "instance_private_public" { description = "A reference (self link) to the instance tagged as private in a public subnetwork" - value = "${google_compute_instance.private_public.self_link}" + value = google_compute_instance.private_public.self_link } output "instance_private" { description = "A reference (self link) to the instance tagged as private in a private subnetwork" - value = "${google_compute_instance.private.self_link}" + value = google_compute_instance.private.self_link } output "instance_private_persistence" { description = "A reference (self link) to the instance tagged as private-persistence in a private subnetwork" - value = "${google_compute_instance.private_persistence.self_link}" + value = google_compute_instance.private_persistence.self_link } + diff --git a/variables.tf b/variables.tf index d9aa323..9a6dfa0 100644 --- a/variables.tf +++ b/variables.tf @@ -20,3 +20,4 @@ variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." default = "management" } + 
From 63fc5a7a6adae47917b04ca97f4551dde2a1af10 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:13:37 +0300 Subject: [PATCH 08/16] TF12upgrade bastion example --- examples/bastion-host/main.tf | 25 ++++++++++++++++--------- examples/bastion-host/outputs.tf | 5 +++-- examples/bastion-host/variables.tf | 1 + 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/examples/bastion-host/main.tf b/examples/bastion-host/main.tf index 3f3762c..cd4130a 100644 --- a/examples/bastion-host/main.tf +++ b/examples/bastion-host/main.tf @@ -1,3 +1,9 @@ +terraform { + # The modules used in this example have been updated with 0.12 syntax, which means the example is no longer + # compatible with any versions below 0.12. + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # Create a Management Network for shared services # --------------------------------------------------------------------------------------------------------------------- @@ -8,9 +14,9 @@ module "management_network" { # source = "github.com/gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.1.2" source = "../../modules/vpc-network" - name_prefix = "${var.name_prefix}" - project = "${var.project}" - region = "${var.region}" + name_prefix = var.name_prefix + project = var.project + region = var.region } # --------------------------------------------------------------------------------------------------------------------- 
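Review bot: The commented sample `source` line kept as context in the `management_network` block still shows `?ref=v0.1.2`, a tag that presumably predates this 0.12 conversion, while the same file now declares `required_version = ">= 0.12"`. A reader who copies the sample would pin to module code other than what this example exercises. Point it at the release that carries the converted modules, e.g. `# source = "github.com/gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=<RELEASE_WITH_TF12_SUPPORT>"`, and consider adding that `ref` also accepts a full commit SHA, which cannot be re-pointed the way a tag can. The same comment is carried unchanged in both module blocks of examples/network-host-application/main.tf and in examples/network-management/main.tf. The module block itself starts before this hunk.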
@@ -24,10 +30,10 @@ module "bastion_host" { source = "../../modules/bastion-host" instance_name = "${var.name_prefix}-vm" - subnetwork = "${module.management_network.public_subnetwork}" + subnetwork = module.management_network.public_subnetwork - project = "${var.project}" - zone = "${var.zone}" + project = var.project + zone = var.zone } # --------------------------------------------------------------------------------------------------------------------- @@ -37,11 +43,11 @@ module "bastion_host" { resource "google_compute_instance" "private" { name = "${var.name_prefix}-private" machine_type = "n1-standard-1" - zone = "${var.zone}" + zone = var.zone allow_stopping_for_update = true - tags = ["${module.management_network.private}"] + tags = [module.management_network.private] boot_disk { initialize_params { @@ -50,10 +56,11 @@ resource "google_compute_instance" "private" { } network_interface { - subnetwork = "${module.management_network.private_subnetwork}" + subnetwork = module.management_network.private_subnetwork } metadata = { enable-oslogin = "TRUE" } } + diff --git a/examples/bastion-host/outputs.tf b/examples/bastion-host/outputs.tf index 8fa8277..6fbd565 100644 --- a/examples/bastion-host/outputs.tf +++ b/examples/bastion-host/outputs.tf @@ -1,9 +1,10 @@ output "address" { description = "The public IP of the bastion host." - value = "${module.bastion_host.address}" + value = module.bastion_host.address } output "private_instance" { description = "A reference (self_link) to the private instance" - value = "${google_compute_instance.private.self_link}" + value = google_compute_instance.private.self_link } + diff --git a/examples/bastion-host/variables.tf b/examples/bastion-host/variables.tf index 9fffa52..636606b 100644 --- a/examples/bastion-host/variables.tf +++ b/examples/bastion-host/variables.tf @@ -24,3 +24,4 @@ variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." default = "bastion" } + 
From cff77d33db356054e816be9f7749e0b6919b5948 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:14:25 +0300 Subject: [PATCH 09/16] TF12upgrade network-host example --- examples/network-host-application/main.tf | 15 ++++++++--- examples/network-host-application/outputs.tf | 25 ++++++++++--------- .../network-host-application/variables.tf | 1 + 3 files changed, 25 insertions(+), 16 deletions(-) diff --git a/examples/network-host-application/main.tf b/examples/network-host-application/main.tf index d2eac5e..ca1b088 100644 --- a/examples/network-host-application/main.tf +++ b/examples/network-host-application/main.tf @@ -1,12 +1,18 @@ +terraform { + # The modules used in this example have been updated with 0.12 syntax, which means the example is no longer + # compatible with any versions below 0.12. + required_version = ">= 0.12" +} + module "application_network" { # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you # to a specific version of the modules, such as the following example: # source = "github.com/gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.1.2" source = "../../modules/vpc-network" - name_prefix = "${var.name_prefix}" - project = "${var.project}" - region = "${var.region}" + name_prefix = var.name_prefix + project = var.project + region = var.region } module "project_host_configuration" { @@ -15,5 +21,6 @@ module "project_host_configuration" { # source = "github.com/gruntwork-io/terraform-google-network.git//modules/project-host-configuration?ref=v0.1.2" source = "../../modules/project-host-configuration" - project = "${var.project}" + project = var.project } + diff --git a/examples/network-host-application/outputs.tf b/examples/network-host-application/outputs.tf index 77a633b..6596252 100644 --- a/examples/network-host-application/outputs.tf +++ b/examples/network-host-application/outputs.tf 
@@ -1,6 +1,6 @@ output "network" { description = "A reference (self_link) to the VPC network" - value = "${module.application_network.network}" + value = module.application_network.network } # --------------------------------------------------------------------------------------------------------------------- @@ -9,19 +9,19 @@ output "network" { output "public_subnetwork" { description = "A reference (self_link) to the public subnetwork" - value = "${module.application_network.public_subnetwork}" + value = module.application_network.public_subnetwork } output "public_subnetwork_cidr_block" { - value = "${module.application_network.public_subnetwork_cidr_block}" + value = module.application_network.public_subnetwork_cidr_block } output "public_subnetwork_gateway" { - value = "${module.application_network.public_subnetwork_gateway}" + value = module.application_network.public_subnetwork_gateway } output "public_subnetwork_secondary_cidr_block" { - value = "${module.application_network.public_subnetwork_secondary_cidr_block}" + value = module.application_network.public_subnetwork_secondary_cidr_block } # --------------------------------------------------------------------------------------------------------------------- 
@@ -30,19 +30,19 @@ output "public_subnetwork_secondary_cidr_block" { output "private_subnetwork" { description = "A reference (self_link) to the private subnetwork" - value = "${module.application_network.private_subnetwork}" + value = module.application_network.private_subnetwork } output "private_subnetwork_cidr_block" { - value = "${module.application_network.private_subnetwork_cidr_block}" + value = module.application_network.private_subnetwork_cidr_block } output "private_subnetwork_gateway" { - value = "${module.application_network.private_subnetwork_gateway}" + value = module.application_network.private_subnetwork_gateway } output "private_subnetwork_secondary_cidr_block" { - value = "${module.application_network.private_subnetwork_secondary_cidr_block}" + value = module.application_network.private_subnetwork_secondary_cidr_block } # --------------------------------------------------------------------------------------------------------------------- @@ -51,15 +51,16 @@ output "private_subnetwork_secondary_cidr_block" { output "public" { description = "The network tag string used for the public access tier" - value = "${module.application_network.public}" + value = module.application_network.public } output "private" { description = "The network tag string used for the private access tier" - value = "${module.application_network.private}" + value = module.application_network.private } output "private_persistence" { description = "The network tag string used for the private-persistence access tier" - value = "${module.application_network.private_persistence}" + value = module.application_network.private_persistence } + diff --git a/examples/network-host-application/variables.tf b/examples/network-host-application/variables.tf index 63c86f1..4ab0fa4 100644 --- a/examples/network-host-application/variables.tf +++ b/examples/network-host-application/variables.tf 
@@ -20,3 +20,4 @@ variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." default = "application" } + From 6448f7d3ba392e7507797532643426de77a5a466 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:15:50 +0300 Subject: [PATCH 10/16] TF12upgrade mgmt network example --- examples/network-management/main.tf | 49 ++++++++++++++---------- examples/network-management/outputs.tf | 37 +++++++++--------- examples/network-management/variables.tf | 1 + 3 files changed, 48 insertions(+), 39 deletions(-) diff --git a/examples/network-management/main.tf b/examples/network-management/main.tf index 2c23562..2817c85 100644 --- a/examples/network-management/main.tf +++ b/examples/network-management/main.tf @@ -1,3 +1,9 @@ +terraform { + # The modules used in this example have been updated with 0.12 syntax, which means the example is no longer + # compatible with any versions below 0.12. + required_version = ">= 0.12" +} + # --------------------------------------------------------------------------------------------------------------------- # Create a Management Network for shared services # --------------------------------------------------------------------------------------------------------------------- @@ -8,9 +14,9 @@ module "management_network" { # source = "github.com/gruntwork-io/terraform-google-network.git//modules/vpc-network?ref=v0.1.2" source = "../../modules/vpc-network" - name_prefix = "${var.name_prefix}" - project = "${var.project}" - region = "${var.region}" + name_prefix = var.name_prefix + project = var.project + region = var.region } # --------------------------------------------------------------------------------------------------------------------- 
@@ -18,15 +24,15 @@ module "management_network" { # --------------------------------------------------------------------------------------------------------------------- data "google_compute_zones" "available" { - project = "${var.project}" - region = "${var.region}" + project = var.project + region = var.region } // This instance acts as an arbitrary internet address for testing purposes resource "google_compute_instance" "default_network" { name = "${var.name_prefix}-default-network" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true @@ -48,11 +54,11 @@ resource "google_compute_instance" "default_network" { resource "google_compute_instance" "public_with_ip" { name = "${var.name_prefix}-public-with-ip" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.public}"] + tags = [module.management_network.public] boot_disk { initialize_params { @@ -61,7 +67,7 @@ resource "google_compute_instance" "public_with_ip" { } network_interface { - subnetwork = "${module.management_network.public_subnetwork}" + subnetwork = module.management_network.public_subnetwork access_config { // Ephemeral IP @@ -72,11 +78,11 @@ resource "google_compute_instance" "public_with_ip" { resource "google_compute_instance" "public_without_ip" { name = "${var.name_prefix}-public-without-ip" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.public}"] + tags = [module.management_network.public] boot_disk { initialize_params { 
@@ -85,18 +91,18 @@ resource "google_compute_instance" "public_without_ip" { } network_interface { - subnetwork = "${module.management_network.public_subnetwork}" + subnetwork = module.management_network.public_subnetwork } } resource "google_compute_instance" "private_public" { name = "${var.name_prefix}-private-public" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.private}"] + tags = [module.management_network.private] boot_disk { initialize_params { @@ -105,18 +111,18 @@ resource "google_compute_instance" "private_public" { } network_interface { - subnetwork = "${module.management_network.public_subnetwork}" + subnetwork = module.management_network.public_subnetwork } } resource "google_compute_instance" "private" { name = "${var.name_prefix}-private" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.private}"] + tags = [module.management_network.private] boot_disk { initialize_params { @@ -125,18 +131,18 @@ resource "google_compute_instance" "private" { } network_interface { - subnetwork = "${module.management_network.private_subnetwork}" + subnetwork = module.management_network.private_subnetwork } } resource "google_compute_instance" "private_persistence" { name = "${var.name_prefix}-private-persistence" machine_type = "n1-standard-1" - zone = "${data.google_compute_zones.available.names[0]}" + zone = data.google_compute_zones.available.names[0] allow_stopping_for_update = true - tags = ["${module.management_network.private_persistence}"] + tags = [module.management_network.private_persistence] boot_disk { initialize_params { 
@@ -145,6 +151,7 @@ resource "google_compute_instance" "private_persistence" { } network_interface { - subnetwork = "${module.management_network.private_subnetwork}" + subnetwork = module.management_network.private_subnetwork } } + diff --git a/examples/network-management/outputs.tf b/examples/network-management/outputs.tf index b3d66bc..8fd8feb 100644 --- a/examples/network-management/outputs.tf +++ b/examples/network-management/outputs.tf @@ -1,6 +1,6 @@ output "network" { description = "A reference (self_link) to the VPC network" - value = "${module.management_network.network}" + value = module.management_network.network } # --------------------------------------------------------------------------------------------------------------------- @@ -9,19 +9,19 @@ output "network" { output "public_subnetwork" { description = "A reference (self_link) to the public subnetwork" - value = "${module.management_network.public_subnetwork}" + value = module.management_network.public_subnetwork } output "public_subnetwork_cidr_block" { - value = "${module.management_network.public_subnetwork_cidr_block}" + value = module.management_network.public_subnetwork_cidr_block } output "public_subnetwork_gateway" { - value = "${module.management_network.public_subnetwork_gateway}" + value = module.management_network.public_subnetwork_gateway } output "public_subnetwork_secondary_cidr_block" { - value = "${module.management_network.public_subnetwork_secondary_cidr_block}" + value = module.management_network.public_subnetwork_secondary_cidr_block } # --------------------------------------------------------------------------------------------------------------------- 
@@ -30,19 +30,19 @@ output "public_subnetwork_secondary_cidr_block" { output "private_subnetwork" { description = "A reference (self_link) to the private subnetwork" - value = "${module.management_network.private_subnetwork}" + value = module.management_network.private_subnetwork } output "private_subnetwork_cidr_block" { - value = "${module.management_network.private_subnetwork_cidr_block}" + value = module.management_network.private_subnetwork_cidr_block } output "private_subnetwork_gateway" { - value = "${module.management_network.private_subnetwork_gateway}" + value = module.management_network.private_subnetwork_gateway } output "private_subnetwork_secondary_cidr_block" { - value = "${module.management_network.private_subnetwork_secondary_cidr_block}" + value = module.management_network.private_subnetwork_secondary_cidr_block } # --------------------------------------------------------------------------------------------------------------------- @@ -51,17 +51,17 @@ output "private_subnetwork_secondary_cidr_block" { output "public" { description = "The network tag string used for the public access tier" - value = "${module.management_network.public}" + value = module.management_network.public } output "private" { description = "The network tag string used for the private access tier" - value = "${module.management_network.private}" + value = module.management_network.private } output "private_persistence" { description = "The network tag string used for the private-persistence access tier" - value = "${module.management_network.private_persistence}" + value = module.management_network.private_persistence } # --------------------------------------------------------------------------------------------------------------------- 
@@ -70,30 +70,31 @@ output "private_persistence" { output "instance_default_network" { description = "A reference (self link) to an instance in the default network. Note that the default network allows SSH." - value = "${google_compute_instance.default_network.self_link}" + value = google_compute_instance.default_network.self_link } output "instance_public_with_ip" { description = "A reference (self link) to the instance tagged as public in a public subnetwork with an external IP" - value = "${google_compute_instance.public_with_ip.self_link}" + value = google_compute_instance.public_with_ip.self_link } output "instance_public_without_ip" { description = "A reference (self link) to the instance tagged as public in a public subnetwork without an internet IP" - value = "${google_compute_instance.public_without_ip.self_link}" + value = google_compute_instance.public_without_ip.self_link } output "instance_private_public" { description = "A reference (self link) to the instance tagged as private in a public subnetwork" - value = "${google_compute_instance.private_public.self_link}" + value = google_compute_instance.private_public.self_link } output "instance_private" { description = "A reference (self link) to the instance tagged as private in a private subnetwork" - value = "${google_compute_instance.private.self_link}" + value = google_compute_instance.private.self_link } output "instance_private_persistence" { description = "A reference (self link) to the instance tagged as private-persistence in a private subnetwork" - value = "${google_compute_instance.private_persistence.self_link}" + value = google_compute_instance.private_persistence.self_link } + diff --git a/examples/network-management/variables.tf b/examples/network-management/variables.tf index d9aa323..9a6dfa0 100644 --- a/examples/network-management/variables.tf +++ b/examples/network-management/variables.tf 
@@ -20,3 +20,4 @@ variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." default = "management" } + From b67371fdf6682b2c877fcae9bd98a0a4d3456420 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:17:05 +0300 Subject: [PATCH 11/16] Add tf12 badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e0cdd6e..7d06d1c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ [![Maintained by Gruntwork.io](https://img.shields.io/badge/maintained%20by-gruntwork.io-%235849a6.svg)](https://gruntwork.io/?ref=repo_google_network) [![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/gruntwork-io/terraform-google-network.svg?label=latest)](https://github.com/gruntwork-io/terraform-google-network/releases/latest) - +![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.12.0-blue.svg) # Google VPC Network Modules This repo contains modules for creating [Virtual Private Cloud (VPC) networks](https://cloud.google.com/vpc/docs/vpc) on From 8dc728eaffff060b90598c48903d4a61ce044bdc Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Wed, 5 Jun 2019 20:19:09 +0300 Subject: [PATCH 12/16] Upgrade terraform --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9d883d6..3f7c529 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,7 +4,7 @@ defaults: &defaults GRUNTWORK_INSTALLER_VERSION: v0.0.21 TERRATEST_LOG_PARSER_VERSION: v0.13.13 MODULE_CI_VERSION: v0.13.3 - TERRAFORM_VERSION: 0.11.8 + TERRAFORM_VERSION: 0.12.1 TERRAGRUNT_VERSION: NONE PACKER_VERSION: NONE GOLANG_VERSION: 1.11.2 From 128af89d80f9f5d5ef2099de9cbb6a9e0a072eeb Mon Sep 17 00:00:00 2001 
From: Petri Autero Date: Thu, 6 Jun 2019 22:22:50 +0300 Subject: [PATCH 13/16] Staged tests --- test/bastion_host_test.go | 131 ++++++++------ test/management_network_test.go | 292 +++++++++++++++++--------------- test/network_helpers.go | 8 + 3 files changed, 246 insertions(+), 185 deletions(-) diff --git a/test/bastion_host_test.go b/test/bastion_host_test.go index f9e2caa..51bbce0 100644 --- a/test/bastion_host_test.go +++ b/test/bastion_host_test.go 
@@ -15,65 +15,90 @@ import ( func TestBastionHost(t *testing.T) { t.Parallel() - testFolder := test_structure.CopyTerraformFolderToTemp(t, "..", "examples") - terraformModulePath := filepath.Join(testFolder, "bastion-host") + //os.Setenv("SKIP_bootstrap", "true") + //os.Setenv("SKIP_deploy", "true") + //os.Setenv("SKIP_ssh_tests", "true") + //os.Setenv("SKIP_teardown", "true") - project := gcp.GetGoogleProjectIDFromEnvVar(t) - region := gcp.GetRandomRegion(t, project, nil, nil) - zone := gcp.GetRandomZoneForRegion(t, project, region) - terratestOptions := createBastionHostTerraformOptions(t, strings.ToLower(random.UniqueId()), project, region, zone, terraformModulePath) - defer terraform.Destroy(t, terratestOptions) + _examplesDir := test_structure.CopyTerraformFolderToTemp(t, "../", "examples") + exampleDir := filepath.Join(_examplesDir, "bastion-host") - terraform.InitAndApply(t, terratestOptions) + test_structure.RunTestStage(t, "bootstrap", func() { + project := gcp.GetGoogleProjectIDFromEnvVar(t) + region := getRandomRegion(t, project) + zone := gcp.GetRandomZoneForRegion(t, project, region) + + terraformOptions := createBastionHostTerraformOptions(t, strings.ToLower(random.UniqueId()), project, region, zone, exampleDir) + + test_structure.SaveTerraformOptions(t, exampleDir, terraformOptions) + test_structure.SaveString(t, exampleDir, KEY_PROJECT, project) + }) + + // At the end of the test, run `terraform destroy` to clean up any resources that were created + defer test_structure.RunTestStage(t, "teardown", func() { + terraformOptions := test_structure.LoadTerraformOptions(t, exampleDir) + terraform.Destroy(t, terraformOptions) + }) + + test_structure.RunTestStage(t, "deploy", func() { + terraformOptions := test_structure.LoadTerraformOptions(t, exampleDir) + terraform.InitAndApply(t, terraformOptions) + }) /* Test SSH */ - address := terraform.Output(t, terratestOptions, "address") - googleIdentity := gcp.GetGoogleIdentityEmailEnvVar(t) - - keyPair := 
ssh.GenerateRSAKeyPair(t, 2048) - key := keyPair.PublicKey - - user := googleIdentity - - defer gcp.DeleteSSHKey(t, user, key) - gcp.ImportSSHKey(t, user, key) - - loginProfile := gcp.GetLoginProfile(t, user) - sshUsername := loginProfile.PosixAccounts[0].Username - - bastionHost := ssh.Host{ - Hostname: address, - SshKeyPair: keyPair, - SshUserName: sshUsername, - } - - private := FetchFromOutput(t, terratestOptions, project, "private_instance") - privateHost := ssh.Host{ - Hostname: private.Name, - SshKeyPair: keyPair, - SshUserName: sshUsername, - } - - sshChecks := []SSHCheck{ - // Success - {"bastion", func(t *testing.T) { testSSHOn1Host(t, ExpectSuccess, bastionHost) }}, - {"bastion to private", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, bastionHost, privateHost) }}, - - // Failure - {"private", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, privateHost) }}, - } - - // We need to run a series of parallel funcs inside a serial func in order to ensure that defer statements are ran after they've all completed - t.Run("sshConnections", func(t *testing.T) { - for _, check := range sshChecks { - check := check // capture variable in local scope - - t.Run(check.Name, func(t *testing.T) { - t.Parallel() - check.Check(t) - }) + test_structure.RunTestStage(t, "ssh_tests", func() { + terraformOptions := test_structure.LoadTerraformOptions(t, exampleDir) + project := test_structure.LoadString(t, exampleDir, KEY_PROJECT) + + address := terraform.Output(t, terraformOptions, "address") + googleIdentity := gcp.GetGoogleIdentityEmailEnvVar(t) + + keyPair := ssh.GenerateRSAKeyPair(t, 2048) + key := keyPair.PublicKey + + user := googleIdentity + + defer gcp.DeleteSSHKey(t, user, key) + gcp.ImportSSHKey(t, user, key) + + loginProfile := gcp.GetLoginProfile(t, user) + sshUsername := loginProfile.PosixAccounts[0].Username + + bastionHost := ssh.Host{ + Hostname: address, + SshKeyPair: keyPair, + SshUserName: sshUsername, + } + + private := FetchFromOutput(t, 
terraformOptions, project, "private_instance") + privateHost := ssh.Host{ + Hostname: private.Name, + SshKeyPair: keyPair, + SshUserName: sshUsername, } + + sshChecks := []SSHCheck{ + // Success + {"bastion", func(t *testing.T) { testSSHOn1Host(t, ExpectSuccess, bastionHost) }}, + {"bastion to private", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, bastionHost, privateHost) }}, + + // Failure + {"private", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, privateHost) }}, + } + + // We need to run a series of parallel funcs inside a serial func in order to ensure that defer statements are ran after they've all completed + t.Run("sshConnections", func(t *testing.T) { + for _, check := range sshChecks { + check := check // capture variable in local scope + + t.Run(check.Name, func(t *testing.T) { + t.Parallel() + check.Check(t) + }) + } + }) }) + } diff --git a/test/management_network_test.go b/test/management_network_test.go index 6876c47..7d9dad2 100644 --- a/test/management_network_test.go +++ b/test/management_network_test.go 
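Review bot: In the `ssh_tests` stage, `loginProfile.PosixAccounts[0].Username` indexes the slice without a length check, so an identity whose OS Login profile has no POSIX account causes an index-out-of-range panic rather than a test failure. Because the test calls `t.Parallel()`, that panic would likely abort the whole test binary, and a sibling test such as TestNetworkManagement would never reach its deferred `teardown` stage, leaving its instances deployed. Add `if len(loginProfile.PosixAccounts) == 0 { t.Fatal("OS Login profile has no POSIX account") }` before the index. Separately, the `private` ExpectFailure check dials `private.Name`, an instance name. Depending on how `testSSHOn1Host` connects (not shown here), it may fail on name resolution rather than on the firewall, so a comment stating what that negative check is meant to prove would help.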
@@ -15,168 +15,196 @@ import ( "github.com/gruntwork-io/terratest/modules/test-structure" ) -// TODO: Add test stages func TestNetworkManagement(t *testing.T) { t.Parallel() - testFolder := test_structure.CopyTerraformFolderToTemp(t, "..", "examples") - terraformModulePath := filepath.Join(testFolder, "network-management") + //os.Setenv("SKIP_bootstrap", "true") + //os.Setenv("SKIP_deploy", "true") + //os.Setenv("SKIP_validate_outputs", "true") + //os.Setenv("SKIP_ssh_tests", "true") + //os.Setenv("SKIP_teardown", "true") - project := gcp.GetGoogleProjectIDFromEnvVar(t) - region := gcp.GetRandomRegion(t, project, nil, nil) - terratestOptions := createNetworkManagementTerraformOptions(t, strings.ToLower(random.UniqueId()), project, region, terraformModulePath) - defer terraform.Destroy(t, terratestOptions) + _examplesDir := test_structure.CopyTerraformFolderToTemp(t, "../", "examples") + exampleDir := filepath.Join(_examplesDir, "network-management") - terraform.InitAndApply(t, terratestOptions) + test_structure.RunTestStage(t, "bootstrap", func() { + projectId := gcp.GetGoogleProjectIDFromEnvVar(t) + region := getRandomRegion(t, projectId) + terraformOptions := createNetworkManagementTerraformOptions(t, strings.ToLower(random.UniqueId()), projectId, region, exampleDir) + + test_structure.SaveTerraformOptions(t, exampleDir, terraformOptions) + test_structure.SaveString(t, exampleDir, KEY_PROJECT, projectId) + }) + + // At the end of the test, run `terraform destroy` to clean up any resources that were created + defer test_structure.RunTestStage(t, "teardown", func() { + terraformOptions := test_structure.LoadTerraformOptions(t, exampleDir) + terraform.Destroy(t, terraformOptions) + }) + + test_structure.RunTestStage(t, "deploy", func() { + terraformOptions := test_structure.LoadTerraformOptions(t, exampleDir) + terraform.InitAndApply(t, terraformOptions) + }) /* Test Outputs */ // Guarantee that we see expected values from state - var stateValues = []struct { - 
outputKey string - expectedValue string - - // With two string insertion points - message string - }{ - // Testing the cidr block itself is just reading the value out of the Terraform config; - // by testing the gateway addresses, we've confirmed that the API had allocated the correct - // block, although not necessarily the correct size. - {"public_subnetwork_gateway", "10.0.0.1", "expected a public gateway of %s but saw %s"}, - {"private_subnetwork_gateway", "10.0.16.1", "expected a public gateway of %s but saw %s"}, - - // Network tags as interpolation targets - {"public", "public", "expected a tag of %s but saw %s"}, - {"private", "private", "expected a tag of %s but saw %s"}, - {"private_persistence", "private-persistence", "expected a tag of %s but saw %s"}, - } + test_structure.RunTestStage(t, "validate_outputs", func() { + terraformOptions := test_structure.LoadTerraformOptions(t, exampleDir) + + var stateValues = []struct { + outputKey string + expectedValue string + + // With two string insertion points + message string + }{ + // Testing the cidr block itself is just reading the value out of the Terraform config; + // by testing the gateway addresses, we've confirmed that the API had allocated the correct + // block, although not necessarily the correct size. 
+ {"public_subnetwork_gateway", "10.0.0.1", "expected a public gateway of %s but saw %s"}, + {"private_subnetwork_gateway", "10.0.16.1", "expected a public gateway of %s but saw %s"}, + + // Network tags as interpolation targets + {"public", "public", "expected a tag of %s but saw %s"}, + {"private", "private", "expected a tag of %s but saw %s"}, + {"private_persistence", "private-persistence", "expected a tag of %s but saw %s"}, + } - for _, tt := range stateValues { - t.Run(tt.outputKey, func(t *testing.T) { - value, err := terraform.OutputE(t, terratestOptions, tt.outputKey) - if err != nil { - t.Errorf("could not find %s in outputs: %s", tt.outputKey, err) - } + for _, tt := range stateValues { + t.Run(tt.outputKey, func(t *testing.T) { + value, err := terraform.OutputE(t, terraformOptions, tt.outputKey) + if err != nil { + t.Errorf("could not find %s in outputs: %s", tt.outputKey, err) + } - if value != tt.expectedValue { - t.Errorf(tt.message, tt.expectedValue, value) - } - }) - } + if value != tt.expectedValue { + t.Errorf(tt.message, tt.expectedValue, value) + } + }) + } + }) /* Test SSH */ - external := FetchFromOutput(t, terratestOptions, project, "instance_default_network") - publicWithIp := FetchFromOutput(t, terratestOptions, project, "instance_public_with_ip") - publicWithoutIp := FetchFromOutput(t, terratestOptions, project, "instance_public_without_ip") - privatePublic := FetchFromOutput(t, terratestOptions, project, "instance_private_public") - private := FetchFromOutput(t, terratestOptions, project, "instance_private") - privatePersistence := FetchFromOutput(t, terratestOptions, project, "instance_private_persistence") - - keyPair := ssh.GenerateRSAKeyPair(t, 2048) - sshUsername := "terratest" - - // Attach the SSH Key to each instances so we can access them at will later - for _, v := range []*gcp.Instance{external, publicWithIp, publicWithoutIp, privatePublic, private, privatePersistence} { - // Adding instance metadata uses a shared fingerprint 
per-project, and it's (slightly) eventually consistent. - // This means we'll get an error on mismatch, so we can try a few times and make sure we get it right. - retry.DoWithRetry(t, "Adding SSH Key", 20, 1*time.Second, func() (string, error) { - err := v.AddSshKeyE(t, sshUsername, keyPair.PublicKey) - return "", err - }) - } + test_structure.RunTestStage(t, "ssh_tests", func() { + project := test_structure.LoadString(t, exampleDir, KEY_PROJECT) + terraformOptions := test_structure.LoadTerraformOptions(t, exampleDir) + + external := FetchFromOutput(t, terraformOptions, project, "instance_default_network") + publicWithIp := FetchFromOutput(t, terraformOptions, project, "instance_public_with_ip") + publicWithoutIp := FetchFromOutput(t, terraformOptions, project, "instance_public_without_ip") + privatePublic := FetchFromOutput(t, terraformOptions, project, "instance_private_public") + private := FetchFromOutput(t, terraformOptions, project, "instance_private") + privatePersistence := FetchFromOutput(t, terraformOptions, project, "instance_private_persistence") + + keyPair := ssh.GenerateRSAKeyPair(t, 2048) + sshUsername := "terratest" + + // Attach the SSH Key to each instances so we can access them at will later + for _, v := range []*gcp.Instance{external, publicWithIp, publicWithoutIp, privatePublic, private, privatePersistence} { + // Adding instance metadata uses a shared fingerprint per-project, and it's (slightly) eventually consistent. + // This means we'll get an error on mismatch, so we can try a few times and make sure we get it right. 
+ retry.DoWithRetry(t, "Adding SSH Key", 20, 1*time.Second, func() (string, error) { + err := v.AddSshKeyE(t, sshUsername, keyPair.PublicKey) + return "", err + }) + } - // "external internet" settings pulled from the instance in the default network - externalHost := ssh.Host{ - Hostname: external.GetPublicIp(t), - SshKeyPair: keyPair, - SshUserName: sshUsername, - } + // "external internet" settings pulled from the instance in the default network + externalHost := ssh.Host{ + Hostname: external.GetPublicIp(t), + SshKeyPair: keyPair, + SshUserName: sshUsername, + } - // We can SSH to the public instance w/ an IP - publicWithIpHost := ssh.Host{ - Hostname: publicWithIp.GetPublicIp(t), - SshKeyPair: keyPair, - SshUserName: sshUsername, - } + // We can SSH to the public instance w/ an IP + publicWithIpHost := ssh.Host{ + Hostname: publicWithIp.GetPublicIp(t), + SshKeyPair: keyPair, + SshUserName: sshUsername, + } - // The public instance w/ no IP can't be accessed directly but can through a bastion - if _, err := publicWithoutIp.GetPublicIpE(t); err == nil { - t.Errorf("Found an external IP on %s when it should have had none", publicWithoutIp.Name) - } + // The public instance w/ no IP can't be accessed directly but can through a bastion + if _, err := publicWithoutIp.GetPublicIpE(t); err == nil { + t.Errorf("Found an external IP on %s when it should have had none", publicWithoutIp.Name) + } - publicWithoutIpHost := ssh.Host{ - Hostname: publicWithoutIp.Name, - SshKeyPair: keyPair, - SshUserName: sshUsername, - } + publicWithoutIpHost := ssh.Host{ + Hostname: publicWithoutIp.Name, + SshKeyPair: keyPair, + SshUserName: sshUsername, + } - // The private instance tagged public w/ no IP can't be accessed directly but can through a bastion - if _, err := privatePublic.GetPublicIpE(t); err == nil { - t.Errorf("Found an external IP on %s when it should have had none", privatePublic.Name) - } + // The private instance tagged public w/ no IP can't be accessed directly but can 
through a bastion + if _, err := privatePublic.GetPublicIpE(t); err == nil { + t.Errorf("Found an external IP on %s when it should have had none", privatePublic.Name) + } - privatePublicHost := ssh.Host{ - Hostname: privatePublic.Name, - SshKeyPair: keyPair, - SshUserName: sshUsername, - } + privatePublicHost := ssh.Host{ + Hostname: privatePublic.Name, + SshKeyPair: keyPair, + SshUserName: sshUsername, + } - // The private instance [in a private subnetwork] w/ no IP can't be accessed directly but can through a bastion - if _, err := private.GetPublicIpE(t); err == nil { - t.Errorf("Found an external IP on %s when it should have had none", private.Name) - } + // The private instance [in a private subnetwork] w/ no IP can't be accessed directly but can through a bastion + if _, err := private.GetPublicIpE(t); err == nil { + t.Errorf("Found an external IP on %s when it should have had none", private.Name) + } - privateHost := ssh.Host{ - Hostname: private.Name, - SshKeyPair: keyPair, - SshUserName: sshUsername, - } + privateHost := ssh.Host{ + Hostname: private.Name, + SshKeyPair: keyPair, + SshUserName: sshUsername, + } - // The private-persistence instance [in a private subnetwork] w/ no IP can't be accessed directly but can through a bastion from a private instance - if _, err := privatePersistence.GetPublicIpE(t); err == nil { - t.Errorf("Found an external IP on %s when it should have had none", privatePersistence.Name) - } + // The private-persistence instance [in a private subnetwork] w/ no IP can't be accessed directly but can through a bastion from a private instance + if _, err := privatePersistence.GetPublicIpE(t); err == nil { + t.Errorf("Found an external IP on %s when it should have had none", privatePersistence.Name) + } - privatePersistenceHost := ssh.Host{ - Hostname: privatePersistence.Name, - SshKeyPair: keyPair, - SshUserName: sshUsername, - } + privatePersistenceHost := ssh.Host{ + Hostname: privatePersistence.Name, + SshKeyPair: keyPair, + 
SshUserName: sshUsername, + } - sshChecks := []SSHCheck{ - // Success - {"public", func(t *testing.T) { testSSHOn1Host(t, ExpectSuccess, publicWithIpHost) }}, - {"public to external", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, publicWithIpHost, externalHost) }}, - {"public to public-no-ip", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, publicWithIpHost, publicWithoutIpHost) }}, - {"public to private-public", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, publicWithIpHost, privatePublicHost) }}, - {"public to private", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, publicWithIpHost, privateHost) }}, - // TODO: Add a third jump to terratest to test the following: - // {"public to privatePublic to external", func(t *testing.T) { testSSHOn3Hosts(t, ExpectSuccess, publicWithIpHost, privatePublicHost, externalHost)} }, - // {"public to private to private-persistence", func(t *testing.T) { testSSHOn3Hosts(t, ExpectSuccess, publicWithIpHost, privateHost, privatePersistenceHost)} }, - - // Failure - {"public-no-ip", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, publicWithoutIpHost) }}, - {"private-public", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, privatePublicHost) }}, - {"private", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, privateHost) }}, - {"public to private-persistence", func(t *testing.T) { testSSHOn2Hosts(t, ExpectFailure, publicWithIpHost, privatePersistenceHost) }}, - // TODO: Add a third jump to terratest to test the following: - // {"public to private to external", func(t *testing.T) { testSSHOn3Hosts(t, ExpectFailure, publicWithIpHost, privateHost, externalHost)} }, - } + sshChecks := []SSHCheck{ + // Success + {"public", func(t *testing.T) { testSSHOn1Host(t, ExpectSuccess, publicWithIpHost) }}, + {"public to external", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, publicWithIpHost, externalHost) }}, + {"public to public-no-ip", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, 
publicWithIpHost, publicWithoutIpHost) }}, + {"public to private-public", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, publicWithIpHost, privatePublicHost) }}, + {"public to private", func(t *testing.T) { testSSHOn2Hosts(t, ExpectSuccess, publicWithIpHost, privateHost) }}, + // TODO: Add a third jump to terratest to test the following: + // {"public to privatePublic to external", func(t *testing.T) { testSSHOn3Hosts(t, ExpectSuccess, publicWithIpHost, privatePublicHost, externalHost)} }, + // {"public to private to private-persistence", func(t *testing.T) { testSSHOn3Hosts(t, ExpectSuccess, publicWithIpHost, privateHost, privatePersistenceHost)} }, + + // Failure + {"public-no-ip", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, publicWithoutIpHost) }}, + {"private-public", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, privatePublicHost) }}, + {"private", func(t *testing.T) { testSSHOn1Host(t, ExpectFailure, privateHost) }}, + {"public to private-persistence", func(t *testing.T) { testSSHOn2Hosts(t, ExpectFailure, publicWithIpHost, privatePersistenceHost) }}, + // TODO: Add a third jump to terratest to test the following: + // {"public to private to external", func(t *testing.T) { testSSHOn3Hosts(t, ExpectFailure, publicWithIpHost, privateHost, externalHost)} }, + } - // We need to run a series of parallel funcs inside a serial func in order to ensure that defer statements are ran after they've all completed - t.Run("sshConnections", func(t *testing.T) { - for _, check := range sshChecks { - check := check // capture variable in local scope + // We need to run a series of parallel funcs inside a serial func in order to ensure that defer statements are ran after they've all completed + t.Run("sshConnections", func(t *testing.T) { + for _, check := range sshChecks { + check := check // capture variable in local scope - t.Run(check.Name, func(t *testing.T) { - t.Parallel() - check.Check(t) - }) - } + t.Run(check.Name, func(t *testing.T) { + 
t.Parallel() + check.Check(t) + }) + } + }) }) + } type SSHCheck struct { diff --git a/test/network_helpers.go b/test/network_helpers.go index 7390c72..c025144 100644 --- a/test/network_helpers.go +++ b/test/network_helpers.go @@ -9,6 +9,8 @@ import ( "github.com/gruntwork-io/terratest/modules/terraform" ) +const KEY_PROJECT = "project" + var ( ExpectSuccess = true ExpectFailure = false @@ -33,3 +35,9 @@ func GetResourceNameFromSelfLink(link string) string { parts := strings.Split(link, "/") return parts[len(parts)-1] } + +func getRandomRegion(t *testing.T, projectID string) string { + approvedRegions := []string{"europe-north1", "europe-west1", "europe-west2", "europe-west3", "us-central1", "us-east1", "us-west1"} + //approvedRegions := []string{"europe-north1"} + return gcp.GetRandomRegion(t, projectID, approvedRegions, []string{}) +} From 0812bfaf36f7632c84386f8f49a095f49add61e9 Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Fri, 7 Jun 2019 08:39:53 +0300 Subject: [PATCH 14/16] Typed vars --- examples/bastion-host/variables.tf | 4 ++++ examples/network-host-application/variables.tf | 3 +++ examples/network-management/variables.tf | 3 +++ modules/bastion-host/variables.tf | 7 +++++++ modules/network-firewall/variables.tf | 5 +++++ modules/network-peering/variables.tf | 3 +++ modules/project-host-configuration/variables.tf | 2 +- modules/vpc-network/variables.tf | 10 ++++++++++ variables.tf | 3 +++ 9 files changed, 39 insertions(+), 1 deletion(-) diff --git a/examples/bastion-host/variables.tf b/examples/bastion-host/variables.tf index 636606b..1640c14 100644 --- a/examples/bastion-host/variables.tf +++ b/examples/bastion-host/variables.tf 
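Review bot: The three direct `ExpectFailure` entries in `sshChecks` ("public-no-ip", "private-public", "private") dial `ssh.Host` values whose `Hostname` is the instance name (`publicWithoutIp.Name`, `privatePublic.Name`, `private.Name`), so they presumably fail at name resolution on the test runner and would still pass if the firewall rules were wrong. The `GetPublicIpE` assertions above them already cover "no external IP", which leaves the two-hop "public to private-persistence" case as the only check that appears to exercise a deny rule. I would state that limit above the failure group, e.g. `// Direct checks only show the host is unreachable from outside the VPC; deny rules between tiers are covered by the two-hop checks.`, and keep the commented-out three-hop cases tracked, since they are the ones that would test isolation between tiers. Separately, the `private_subnetwork_gateway` row in `stateValues` reuses the message `expected a public gateway of %s but saw %s`; it should read `expected a private gateway of %s but saw %s`.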
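Review bot: `getRandomRegion` is added without a doc comment and with a commented-out alternative list (`//approvedRegions := []string{"europe-north1"}`) that reads as leftover debugging. I would drop that line and document the helper, e.g. `// getRandomRegion returns a random region from a fixed allow-list, so test resources are only created in approved regions.` The last argument can be `nil` rather than `[]string{}`, matching the `gcp.GetRandomRegion(t, project, nil, nil)` call this replaces in the test file. The constant added in the earlier hunk of this file would be `keyProject` under Go's MixedCaps convention instead of `KEY_PROJECT`.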
@@ -5,14 +5,17 @@ variable "project" { description = "The name of the GCP Project where all resources will be launched." + type = "string" } variable "region" { description = "The region in which the VPC netowrk's subnetwork will be created." + type = "string" } variable "zone" { description = "The zone in which the bastion host VM instance will be launched. Must be within the region." + type = "string" } # --------------------------------------------------------------------------------------------------------------------- @@ -22,6 +25,7 @@ variable "zone" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." + type = "string" default = "bastion" } diff --git a/examples/network-host-application/variables.tf b/examples/network-host-application/variables.tf index 4ab0fa4..79da709 100644 --- a/examples/network-host-application/variables.tf +++ b/examples/network-host-application/variables.tf @@ -5,10 +5,12 @@ variable "project" { description = "The name of the GCP Project where all resources will be launched." + type = "string" } variable "region" { description = "The Region in which all GCP resources will be launched." + type = "string" } # --------------------------------------------------------------------------------------------------------------------- @@ -18,6 +20,7 @@ variable "region" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." + type = "string" default = "application" } diff --git a/examples/network-management/variables.tf b/examples/network-management/variables.tf index 9a6dfa0..9b47b80 100644 --- a/examples/network-management/variables.tf +++ b/examples/network-management/variables.tf 
@@ -5,10 +5,12 @@ variable "project" { description = "The name of the GCP Project where all resources will be launched." + type = "string" } variable "region" { description = "The Region in which all GCP resources will be launched." + type = "string" } # --------------------------------------------------------------------------------------------------------------------- @@ -18,6 +20,7 @@ variable "region" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." + type = "string" default = "management" } diff --git a/modules/bastion-host/variables.tf b/modules/bastion-host/variables.tf index f6fa755..2175180 100644 --- a/modules/bastion-host/variables.tf +++ b/modules/bastion-host/variables.tf @@ -5,18 +5,22 @@ variable "instance_name" { description = "The name of the VM instance" + type = "string" } variable "subnetwork" { description = "A reference (self_link) to the subnetwork to place the bastion host in" + type = "string" } variable "project" { description = "The project to create the bastion host in. Must match the subnetwork project." + type = "string" } variable "zone" { description = "The zone to create the bastion host in. Must be within the subnetwork region." + type = "string" } # --------------------------------------------------------------------------------------------------------------------- @@ -26,16 +30,19 @@ variable "zone" { variable "tag" { description = "The GCP network tag to apply to the bastion host for firewall rules. Defaults to 'public', the expected public tag of this module." + type = "string" default = "public" } variable "machine_type" { description = "The machine type of the instance." + type = "string" default = "f1-micro" } variable "source_image" { description = "The source image to build the VM using. Specified by path reference or by {{project}}/{{image-family}}" + type = "string" default = "gce-uefi-images/ubuntu-1804-lts" } 
diff --git a/modules/network-firewall/variables.tf b/modules/network-firewall/variables.tf index ede5add..cf9f20c 100644 --- a/modules/network-firewall/variables.tf +++ b/modules/network-firewall/variables.tf @@ -5,21 +5,26 @@ variable "network" { description = "A reference (self_link) to the VPC network to apply firewall rules to" + type = "string" } variable "public_subnetwork" { description = "A reference (self_link) to the public subnetwork of the network" + type = "string" } variable "private_subnetwork" { description = "A reference (self_link) to the private subnetwork of the network" + type = "string" } variable "project" { description = "The project to create the firewall rules in. Must match the network project." + type = "string" } variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." + type = "string" } diff --git a/modules/network-peering/variables.tf b/modules/network-peering/variables.tf index f8d7201..f847b6a 100644 --- a/modules/network-peering/variables.tf +++ b/modules/network-peering/variables.tf @@ -5,10 +5,12 @@ variable "first_network" { description = "The self_link reference to the first network to peer" + type = "string" } variable "second_network" { description = "The self_link reference to the second network to peer" + type = "string" } # --------------------------------------------------------------------------------------------------------------------- @@ -18,6 +20,7 @@ variable "second_network" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." + type = "string" default = "peering" } diff --git a/modules/project-host-configuration/variables.tf b/modules/project-host-configuration/variables.tf index e014a27..4c6bd5d 100644 --- a/modules/project-host-configuration/variables.tf +++ b/modules/project-host-configuration/variables.tf 
@@ -5,5 +5,5 @@ variable "project" { description = "The project ID for the project to enable as a host project" + type = "string" } - diff --git a/modules/vpc-network/variables.tf b/modules/vpc-network/variables.tf index ffb7860..4a131d6 100644 --- a/modules/vpc-network/variables.tf +++ b/modules/vpc-network/variables.tf @@ -5,14 +5,17 @@ variable "project" { description = "The project ID for the network" + type = "string" } variable "region" { description = "The region for subnetworks in the network" + type = "string" } variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." + type = "string" } # --------------------------------------------------------------------------------------------------------------------- 
@@ -23,35 +26,42 @@ variable "name_prefix" { variable "cidr_block" { description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." default = "10.0.0.0/16" + type = "string" } variable "cidr_subnetwork_width_delta" { description = "The difference between your network and subnetwork netmask; an /16 network and a /20 subnetwork would be 4." + type = "number" default = 4 } variable "cidr_subnetwork_spacing" { description = "How many subnetwork-mask sized spaces to leave between each subnetwork type." + type = "number" default = 0 } variable "secondary_cidr_block" { description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27." + type = "string" default = "10.1.0.0/16" } variable "secondary_cidr_subnetwork_width_delta" { description = "The difference between your network and subnetwork's secondary range netmask; an /16 network and a /20 subnetwork would be 4." + type = "number" default = 4 } variable "secondary_cidr_subnetwork_spacing" { description = "How many subnetwork-mask sized spaces to leave between each subnetwork type's secondary ranges." + type = "number" default = 0 } variable "enable_flow_logging" { description = "Whether to enable VPC Flow Logs being sent to Stackdriver (https://cloud.google.com/vpc/docs/using-flow-logs)" + type = "bool" default = true } diff --git a/variables.tf b/variables.tf index 9a6dfa0..9b47b80 100644 --- a/variables.tf +++ b/variables.tf @@ -5,10 +5,12 @@ variable "project" { description = "The name of the GCP Project where all resources will be launched." + type = "string" } variable "region" { description = "The Region in which all GCP resources will be launched." + type = "string" } # --------------------------------------------------------------------------------------------------------------------- 
@@ -18,6 +20,7 @@ variable "region" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." + type = "string" default = "management" } From 4ac7ca720932d47acb2ab21fa63b8e2e54b77aae Mon Sep 17 00:00:00 2001 From: Petri Autero Date: Fri, 7 Jun 2019 08:50:20 +0300 Subject: [PATCH 15/16] Typed vars - remove quotes --- examples/bastion-host/variables.tf | 8 ++++---- .../network-host-application/variables.tf | 6 +++--- examples/network-management/variables.tf | 6 +++--- modules/bastion-host/variables.tf | 14 ++++++------- modules/network-firewall/variables.tf | 10 +++++----- modules/network-peering/variables.tf | 6 +++--- .../project-host-configuration/variables.tf | 2 +- modules/vpc-network/variables.tf | 20 +++++++++---------- variables.tf | 6 +++--- 9 files changed, 39 insertions(+), 39 deletions(-) diff --git a/examples/bastion-host/variables.tf b/examples/bastion-host/variables.tf index 1640c14..86c1eb7 100644 --- a/examples/bastion-host/variables.tf +++ b/examples/bastion-host/variables.tf @@ -5,17 +5,17 @@ variable "project" { description = "The name of the GCP Project where all resources will be launched." - type = "string" + type = string } variable "region" { description = "The region in which the VPC netowrk's subnetwork will be created." - type = "string" + type = string } variable "zone" { description = "The zone in which the bastion host VM instance will be launched. Must be within the region." - type = "string" + type = string } # --------------------------------------------------------------------------------------------------------------------- @@ -25,7 +25,7 @@ variable "zone" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." - type = "string" + type = string default = "bastion" } diff --git a/examples/network-host-application/variables.tf b/examples/network-host-application/variables.tf index 79da709..25286e9 100644 
--- a/examples/network-host-application/variables.tf +++ b/examples/network-host-application/variables.tf @@ -5,12 +5,12 @@ variable "project" { description = "The name of the GCP Project where all resources will be launched." - type = "string" + type = string } variable "region" { description = "The Region in which all GCP resources will be launched." - type = "string" + type = string } # --------------------------------------------------------------------------------------------------------------------- @@ -20,7 +20,7 @@ variable "region" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." - type = "string" + type = string default = "application" } diff --git a/examples/network-management/variables.tf b/examples/network-management/variables.tf index 9b47b80..b80f3cb 100644 --- a/examples/network-management/variables.tf +++ b/examples/network-management/variables.tf @@ -5,12 +5,12 @@ variable "project" { description = "The name of the GCP Project where all resources will be launched." - type = "string" + type = string } variable "region" { description = "The Region in which all GCP resources will be launched." - type = "string" + type = string } # --------------------------------------------------------------------------------------------------------------------- @@ -20,7 +20,7 @@ variable "region" { variable "name_prefix" { description = "A name prefix used in resource names to ensure uniqueness across a project." - type = "string" + type = string default = "management" } diff --git a/modules/bastion-host/variables.tf b/modules/bastion-host/variables.tf index 2175180..9711b60 100644 --- a/modules/bastion-host/variables.tf +++ b/modules/bastion-host/variables.tf 
@@ -5,22 +5,22 @@ variable "instance_name" { description = "The name of the VM instance" - type = "string" + type = string } variable "subnetwork" { description = "A reference (self_link) to the subnetwork to place the bastion host in" - type = "string" + type = string } variable "project" { description = "The project to create the bastion host in. Must match the subnetwork project." - type = "string" + type = string } variable "zone" { description = "The zone to create the bastion host in. Must be within the subnetwork region." - type = "string" + type = string } # --------------------------------------------------------------------------------------------------------------------- @@ -30,19 +30,19 @@ variable "zone" { variable "tag" { description = "The GCP network tag to apply to the bastion host for firewall rules. Defaults to 'public', the expected public tag of this module." - type = "string" + type = string default = "public" } variable "machine_type" { description = "The machine type of the instance." - type = "string" + type = string default = "f1-micro" } variable "source_image" { description = "The source image to build the VM using. Specified by path reference or by {{project}}/{{image-family}}" - type = "string" + type = string default = "gce-uefi-images/ubuntu-1804-lts" } diff --git a/modules/network-firewall/variables.tf b/modules/network-firewall/variables.tf index cf9f20c..7ba5249 100644 --- a/modules/network-firewall/variables.tf +++ b/modules/network-firewall/variables.tf 
@@ -5,26 +5,26 @@
 variable "network" {
 description = "A reference (self_link) to the VPC network to apply firewall rules to"
- type = "string"
+ type = string
 }
 variable "public_subnetwork" {
 description = "A reference (self_link) to the public subnetwork of the network"
- type = "string"
+ type = string
 }
 variable "private_subnetwork" {
 description = "A reference (self_link) to the private subnetwork of the network"
- type = "string"
+ type = string
 }
 variable "project" {
 description = "The project to create the firewall rules in. Must match the network project."
- type = "string"
+ type = string
 }
 variable "name_prefix" {
 description = "A name prefix used in resource names to ensure uniqueness across a project."
- type = "string"
+ type = string
 }
diff --git a/modules/network-peering/variables.tf b/modules/network-peering/variables.tf
index f847b6a..7f87270 100644
--- a/modules/network-peering/variables.tf
+++ b/modules/network-peering/variables.tf
@@ -5,12 +5,12 @@
 variable "first_network" {
 description = "The self_link reference to the first network to peer"
- type = "string"
+ type = string
 }
 variable "second_network" {
 description = "The self_link reference to the second network to peer"
- type = "string"
+ type = string
 }
 # ---------------------------------------------------------------------------------------------------------------------
@@ -20,7 +20,7 @@ variable "second_network" {
 variable "name_prefix" {
 description = "A name prefix used in resource names to ensure uniqueness across a project."
- type = "string"
+ type = string
 default = "peering"
 }
diff --git a/modules/project-host-configuration/variables.tf b/modules/project-host-configuration/variables.tf
index 4c6bd5d..eaa9516 100644
--- a/modules/project-host-configuration/variables.tf
+++ b/modules/project-host-configuration/variables.tf
@@ -5,5 +5,5 @@
 variable "project" {
 description = "The project ID for the project to enable as a host project"
- type = "string"
+ type = string
 }
diff --git a/modules/vpc-network/variables.tf b/modules/vpc-network/variables.tf
index 4a131d6..1b7e986 100644
--- a/modules/vpc-network/variables.tf
+++ b/modules/vpc-network/variables.tf
@@ -5,17 +5,17 @@
 variable "project" {
 description = "The project ID for the network"
- type = "string"
+ type = string
 }
 variable "region" {
 description = "The region for subnetworks in the network"
- type = "string"
+ type = string
 }
 variable "name_prefix" {
 description = "A name prefix used in resource names to ensure uniqueness across a project."
- type = "string"
+ type = string
 }
 # ---------------------------------------------------------------------------------------------------------------------
@@ -26,42 +26,42 @@ variable "name_prefix" {
 variable "cidr_block" {
 description = "The IP address range of the VPC in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
 default = "10.0.0.0/16"
- type = "string"
+ type = string
 }
 variable "cidr_subnetwork_width_delta" {
 description = "The difference between your network and subnetwork netmask; an /16 network and a /20 subnetwork would be 4."
- type = "number"
+ type = number
 default = 4
 }
 variable "cidr_subnetwork_spacing" {
 description = "How many subnetwork-mask sized spaces to leave between each subnetwork type."
- type = "number"
+ type = number
 default = 0
 }
 variable "secondary_cidr_block" {
 description = "The IP address range of the VPC's secondary address range in CIDR notation. A prefix of /16 is recommended. Do not use a prefix higher than /27."
- type = "string"
+ type = string
 default = "10.1.0.0/16"
 }
 variable "secondary_cidr_subnetwork_width_delta" {
 description = "The difference between your network and subnetwork's secondary range netmask; an /16 network and a /20 subnetwork would be 4."
- type = "number"
+ type = number
 default = 4
 }
 variable "secondary_cidr_subnetwork_spacing" {
 description = "How many subnetwork-mask sized spaces to leave between each subnetwork type's secondary ranges."
- type = "number"
+ type = number
 default = 0
 }
 variable "enable_flow_logging" {
 description = "Whether to enable VPC Flow Logs being sent to Stackdriver (https://cloud.google.com/vpc/docs/using-flow-logs)"
- type = "bool"
+ type = bool
 default = true
 }
diff --git a/variables.tf b/variables.tf
index 9b47b80..b80f3cb 100644
--- a/variables.tf
+++ b/variables.tf
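Review bot: In `modules/vpc-network/variables.tf`, `cidr_block` is the only variable in the `@@ -26,42 +26,42 @@` hunk that lists `default` before `type`; every other variable there, including `secondary_cidr_block`, puts `type` first. Since the `type` line is being rewritten anyway, reorder the block to `type = string` followed by `default = "10.0.0.0/16"` so it reads like its neighbours. As far as this hunk shows, the limits stated in the two CIDR descriptions (a /16 recommended, nothing higher than /27) are not checked by the `string` type, so a comment such as `# NOTE: the prefix length is not validated here; callers must pass a well-formed CIDR` above both variables would make that explicit.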
@@ -5,12 +5,12 @@
 variable "project" {
 description = "The name of the GCP Project where all resources will be launched."
- type = "string"
+ type = string
 }
 variable "region" {
 description = "The Region in which all GCP resources will be launched."
- type = "string"
+ type = string
 }
 # ---------------------------------------------------------------------------------------------------------------------
@@ -20,7 +20,7 @@ variable "region" {
 variable "name_prefix" {
 description = "A name prefix used in resource names to ensure uniqueness across a project."
- type = "string"
+ type = string
 default = "management"
 }
From 8fe01e56c4fa9d9eab24dd8041cbddc477736308 Mon Sep 17 00:00:00 2001
From: Petri Autero
Date: Tue, 11 Jun 2019 15:07:44 +0300
Subject: [PATCH 16/16] [skip ci] Remove dead code
---
 test/network_helpers.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/test/network_helpers.go b/test/network_helpers.go
index c025144..d1ddb69 100644
--- a/test/network_helpers.go
+++ b/test/network_helpers.go
@@ -38,6 +38,5 @@ func GetResourceNameFromSelfLink(link string) string {
 func getRandomRegion(t *testing.T, projectID string) string {
 approvedRegions := []string{"europe-north1", "europe-west1", "europe-west2", "europe-west3", "us-central1", "us-east1", "us-west1"}
- //approvedRegions := []string{"europe-north1"}
 return gcp.GetRandomRegion(t, projectID, approvedRegions, []string{})
 }