diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cf0bbbd00..b25a8da42 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -33,3 +33,212 @@ updates: directory: "/" schedule: interval: weekly + +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/argocd" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/audit" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/bastion" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/ca" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/ctlog" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/dex" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/external_secrets" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/fulcio" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/gke_cluster" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/monitoring" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/monitoring/dex" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/monitoring/fulcio" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/monitoring/infra" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/monitoring/prober" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/monitoring/rekor" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/monitoring/slo" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/mysql-shard" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/mysql" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/network" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/oslogin" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/project_roles" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/redis" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/rekor" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/sigstore" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/timestamp" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" +- package-ecosystem: "terraform" + directory: "/terraform/gcp/modules/tuf" + schedule: + interval: weekly + groups: + terraform: + patterns: + - "*" diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index af9c11406..e1990ae74 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -26,7 +26,7 @@ jobs: - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.0 with: # TODO: extract terraform from the tf file when we have pinned - terraform_version: 1.3.9 + terraform_version: 1.6.3 - name: Terraform fmt id: fmt @@ -46,7 +46,7 @@ jobs: - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.0 with: # TODO: extract terraform from the tf file when we have pinned - terraform_version: 1.3.9 + terraform_version: 1.6.3 - name: Terraform init id: init diff --git a/terraform/gcp/modules/audit/versions.tf b/terraform/gcp/modules/audit/versions.tf index 6f157992b..3e146f0eb 100644 --- a/terraform/gcp/modules/audit/versions.tf +++ b/terraform/gcp/modules/audit/versions.tf @@ -15,16 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } } } diff --git a/terraform/gcp/modules/bastion/versions.tf b/terraform/gcp/modules/bastion/versions.tf index 9ef1696e5..fd01e1bde 100644 --- a/terraform/gcp/modules/bastion/versions.tf +++ b/terraform/gcp/modules/bastion/versions.tf @@ -15,19 +15,15 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } random = { - version = ">= 3.1.0, < 3.2.0" + version = "3.5.1" source = "hashicorp/random" } } diff --git a/terraform/gcp/modules/ca/versions.tf b/terraform/gcp/modules/ca/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/ca/versions.tf +++ b/terraform/gcp/modules/ca/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/ctlog/versions.tf b/terraform/gcp/modules/ctlog/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/ctlog/versions.tf +++ b/terraform/gcp/modules/ctlog/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/dex/versions.tf b/terraform/gcp/modules/dex/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/dex/versions.tf +++ b/terraform/gcp/modules/dex/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/fulcio/versions.tf b/terraform/gcp/modules/fulcio/versions.tf index 4076acd56..3e146f0eb 100644 --- a/terraform/gcp/modules/fulcio/versions.tf +++ b/terraform/gcp/modules/fulcio/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.26.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/gke_cluster/versions.tf b/terraform/gcp/modules/gke_cluster/versions.tf index 9ef1696e5..b121c3c69 100644 --- a/terraform/gcp/modules/gke_cluster/versions.tf +++ b/terraform/gcp/modules/gke_cluster/versions.tf @@ -15,19 +15,19 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } google-beta = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google-beta" } random = { - version = ">= 3.1.0, < 3.2.0" + version = "3.5.1" source = "hashicorp/random" } } diff --git a/terraform/gcp/modules/monitoring/dex/slo.tf b/terraform/gcp/modules/monitoring/dex/slo.tf index 25e766507..8c90e11a9 100644 --- a/terraform/gcp/modules/monitoring/dex/slo.tf +++ b/terraform/gcp/modules/monitoring/dex/slo.tf @@ -19,6 +19,7 @@ module "slos" { count = var.create_slos ? 1 : 0 project_id = var.project_id + project_number = var.project_number service_id = "dex" display_name = "Dex" resource_name = format("//container.googleapis.com/projects/%s/locations/%s/clusters/%s/k8s/namespaces/%s", var.project_id, var.cluster_location, var.cluster_name, var.gke_namespace) diff --git a/terraform/gcp/modules/monitoring/dex/variables.tf b/terraform/gcp/modules/monitoring/dex/variables.tf index 7f8065f92..83b520522 100644 --- a/terraform/gcp/modules/monitoring/dex/variables.tf +++ b/terraform/gcp/modules/monitoring/dex/variables.tf @@ -23,6 +23,15 @@ variable "project_id" { } } +variable "project_number" { + type = string + default = "" + validation { + condition = length(var.project_number) > 0 + error_message = "Must specify PROJECT_NUMBER variable." + } +} + variable "cluster_location" { type = string description = "Zone or Region to create cluster in." diff --git a/terraform/gcp/modules/monitoring/dex/versions.tf b/terraform/gcp/modules/monitoring/dex/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/monitoring/dex/versions.tf +++ b/terraform/gcp/modules/monitoring/dex/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/monitoring/fulcio/slo.tf b/terraform/gcp/modules/monitoring/fulcio/slo.tf index 2285208ed..c5092c216 100644 --- a/terraform/gcp/modules/monitoring/fulcio/slo.tf +++ b/terraform/gcp/modules/monitoring/fulcio/slo.tf @@ -19,6 +19,7 @@ module "slos" { count = var.create_slos ? 1 : 0 project_id = var.project_id + project_number = var.project_number service_id = "fulcio" display_name = "Fulcio" resource_name = format("//container.googleapis.com/projects/%s/locations/%s/clusters/%s/k8s/namespaces/%s", var.project_id, var.cluster_location, var.cluster_name, var.gke_namespace) @@ -110,6 +111,7 @@ module "ctlog_slos" { count = var.create_slos ? 1 : 0 project_id = var.project_id + project_number = var.project_number service_id = "ctlog" display_name = "CT Log" resource_name = format("//container.googleapis.com/projects/%s/locations/%s/clusters/%s/k8s/namespaces/%s", var.project_id, var.cluster_location, var.cluster_name, var.ctlog_gke_namespace) diff --git a/terraform/gcp/modules/monitoring/fulcio/variables.tf b/terraform/gcp/modules/monitoring/fulcio/variables.tf index 4ef4c1f19..568f2cbb3 100644 --- a/terraform/gcp/modules/monitoring/fulcio/variables.tf +++ b/terraform/gcp/modules/monitoring/fulcio/variables.tf @@ -23,6 +23,15 @@ variable "project_id" { } } +variable "project_number" { + type = string + default = "" + validation { + condition = length(var.project_number) > 0 + error_message = "Must specify PROJECT_NUMBER variable." + } +} + variable "cluster_location" { description = "Zone or Region to create cluster in." type = string diff --git a/terraform/gcp/modules/monitoring/fulcio/versions.tf b/terraform/gcp/modules/monitoring/fulcio/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/monitoring/fulcio/versions.tf +++ b/terraform/gcp/modules/monitoring/fulcio/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/monitoring/infra/versions.tf b/terraform/gcp/modules/monitoring/infra/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/monitoring/infra/versions.tf +++ b/terraform/gcp/modules/monitoring/infra/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/monitoring/prober/versions.tf b/terraform/gcp/modules/monitoring/prober/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/monitoring/prober/versions.tf +++ b/terraform/gcp/modules/monitoring/prober/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/monitoring/rekor/slo.tf b/terraform/gcp/modules/monitoring/rekor/slo.tf index 47d993744..dfd92f96b 100644 --- a/terraform/gcp/modules/monitoring/rekor/slo.tf +++ b/terraform/gcp/modules/monitoring/rekor/slo.tf @@ -19,6 +19,7 @@ module "slos" { count = var.create_slos ? 1 : 0 project_id = var.project_id + project_number = var.project_number service_id = "rekor" display_name = "Rekor" resource_name = format("//container.googleapis.com/projects/%s/locations/%s/clusters/%s/k8s/namespaces/%s", var.project_id, var.cluster_location, var.cluster_name, var.gke_namespace) diff --git a/terraform/gcp/modules/monitoring/rekor/variables.tf b/terraform/gcp/modules/monitoring/rekor/variables.tf index f3c89ed62..84e2479e1 100644 --- a/terraform/gcp/modules/monitoring/rekor/variables.tf +++ b/terraform/gcp/modules/monitoring/rekor/variables.tf @@ -23,6 +23,15 @@ variable "project_id" { } } +variable "project_number" { + type = string + default = "" + validation { + condition = length(var.project_number) > 0 + error_message = "Must specify PROJECT_NUMBER variable." + } +} + variable "cluster_location" { description = "Zone or Region to create cluster in." type = string diff --git a/terraform/gcp/modules/monitoring/rekor/versions.tf b/terraform/gcp/modules/monitoring/rekor/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/monitoring/rekor/versions.tf +++ b/terraform/gcp/modules/monitoring/rekor/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/monitoring/sigstore.tf b/terraform/gcp/modules/monitoring/sigstore.tf index e999dc2f1..81e414149 100644 --- a/terraform/gcp/modules/monitoring/sigstore.tf +++ b/terraform/gcp/modules/monitoring/sigstore.tf @@ -35,6 +35,7 @@ module "rekor" { source = "./rekor" project_id = var.project_id + project_number = var.project_number notification_channel_ids = var.notification_channel_ids rekor_url = var.rekor_url cluster_name = var.cluster_name @@ -52,6 +53,7 @@ module "fulcio" { source = "./fulcio" project_id = var.project_id + project_number = var.project_number notification_channel_ids = var.notification_channel_ids ctlog_url = var.ctlog_url fulcio_url = var.fulcio_url @@ -70,6 +72,7 @@ module "dex" { source = "./dex" project_id = var.project_id + project_number = var.project_number notification_channel_ids = var.notification_channel_ids cluster_name = var.cluster_name cluster_location = var.cluster_location diff --git a/terraform/gcp/modules/monitoring/slo/main.tf b/terraform/gcp/modules/monitoring/slo/main.tf index 497a8c5a7..d56efe42e 100644 --- a/terraform/gcp/modules/monitoring/slo/main.tf +++ b/terraform/gcp/modules/monitoring/slo/main.tf @@ -14,10 +14,6 @@ * limitations under the License. */ -data "google_project" "project" { - project_id = var.project_id -} - resource "google_monitoring_custom_service" "service" { project = var.project_id service_id = var.service_id @@ -120,8 +116,7 @@ resource "google_monitoring_alert_policy" "availability_burn_alert" { conditions { display_name = each.value.display_name condition_threshold { - filter = format("select_slo_burn_rate(\"projects/%s/services/%s/serviceLevelObjectives/%s\", %s)", data.google_project.project.number, google_monitoring_custom_service.service.service_id, - each.value.slo_id, each.value.window) + filter = format("select_slo_burn_rate(\"projects/%s/services/%s/serviceLevelObjectives/%s\", %s)", var.project_number, google_monitoring_custom_service.service.service_id, each.value.slo_id, each.value.window) threshold_value = each.value.burn_rate_threshold duration = "0s" comparison = "COMPARISON_GT" diff --git a/terraform/gcp/modules/monitoring/slo/variables.tf b/terraform/gcp/modules/monitoring/slo/variables.tf index 70da67b4c..c180bc1e8 100644 --- a/terraform/gcp/modules/monitoring/slo/variables.tf +++ b/terraform/gcp/modules/monitoring/slo/variables.tf @@ -24,6 +24,16 @@ variable "project_id" { } } +variable "project_number" { + description = "Project Number in which the monitored service lives. Must correspond to same project_id" + type = string + default = "" + validation { + condition = length(var.project_number) > 0 + error_message = "Must specify PROJECT_NUMBER variable." + } +} + variable "service_id" { description = "Resource ID for the monitoring service." type = string diff --git a/terraform/gcp/modules/monitoring/slo/versions.tf b/terraform/gcp/modules/monitoring/slo/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/monitoring/slo/versions.tf +++ b/terraform/gcp/modules/monitoring/slo/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/monitoring/variables.tf b/terraform/gcp/modules/monitoring/variables.tf index 274641928..409b28845 100644 --- a/terraform/gcp/modules/monitoring/variables.tf +++ b/terraform/gcp/modules/monitoring/variables.tf @@ -23,6 +23,15 @@ variable "project_id" { } } +variable "project_number" { + type = string + default = "" + validation { + condition = length(var.project_number) > 0 + error_message = "Must specify PROJECT_NUMBER variable." + } +} + variable "cluster_location" { type = string description = "Zone or Region to create cluster in." diff --git a/terraform/gcp/modules/monitoring/versions.tf b/terraform/gcp/modules/monitoring/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/monitoring/versions.tf +++ b/terraform/gcp/modules/monitoring/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/mysql-shard/versions.tf b/terraform/gcp/modules/mysql-shard/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/mysql-shard/versions.tf +++ b/terraform/gcp/modules/mysql-shard/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/mysql/mysql.tf b/terraform/gcp/modules/mysql/mysql.tf index c85486faf..022fdf274 100644 --- a/terraform/gcp/modules/mysql/mysql.tf +++ b/terraform/gcp/modules/mysql/mysql.tf @@ -201,7 +201,7 @@ resource "google_secret_manager_secret" "mysql-password" { secret_id = "mysql-password" replication { - automatic = true + auto {} } depends_on = [google_project_service.service] } @@ -216,7 +216,7 @@ resource "google_secret_manager_secret" "mysql-user" { secret_id = "mysql-user" replication { - automatic = true + auto {} } depends_on = [google_project_service.service] } @@ -230,7 +230,7 @@ resource "google_secret_manager_secret" "mysql-database" { secret_id = "mysql-database" replication { - automatic = true + auto {} } depends_on = [google_project_service.service] } diff --git a/terraform/gcp/modules/mysql/versions.tf b/terraform/gcp/modules/mysql/versions.tf index 9ef1696e5..fd01e1bde 100644 --- a/terraform/gcp/modules/mysql/versions.tf +++ b/terraform/gcp/modules/mysql/versions.tf @@ -15,19 +15,15 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } random = { - version = ">= 3.1.0, < 3.2.0" + version = "3.5.1" source = "hashicorp/random" } } diff --git a/terraform/gcp/modules/network/versions.tf b/terraform/gcp/modules/network/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/network/versions.tf +++ b/terraform/gcp/modules/network/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/oslogin/versions.tf b/terraform/gcp/modules/oslogin/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/oslogin/versions.tf +++ b/terraform/gcp/modules/oslogin/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/project_roles/main.tf b/terraform/gcp/modules/project_roles/main.tf index 2a88fe2ea..e4e4a1aab 100644 --- a/terraform/gcp/modules/project_roles/main.tf +++ b/terraform/gcp/modules/project_roles/main.tf @@ -12,15 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -terraform { - required_version = ">= 1.1.5" - required_providers { - google = { - version = ">= 4.11.0" - } - } -} - // Enable required services for this module resource "google_project_service" "service" { for_each = toset([ diff --git a/terraform/gcp/modules/project_roles/versions.tf b/terraform/gcp/modules/project_roles/versions.tf new file mode 100644 index 000000000..3e146f0eb --- /dev/null +++ b/terraform/gcp/modules/project_roles/versions.tf @@ -0,0 +1,26 @@ +/** + * Copyright 2022 The Sigstore Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "1.6.3" + + required_providers { + google = { + version = "5.4.0" + source = "hashicorp/google" + } + } +} diff --git a/terraform/gcp/modules/redis/main.tf b/terraform/gcp/modules/redis/main.tf index d05bbd067..2645cd94e 100644 --- a/terraform/gcp/modules/redis/main.tf +++ b/terraform/gcp/modules/redis/main.tf @@ -47,21 +47,6 @@ resource "google_service_networking_connection" "private_service_connection" { reserved_peering_ranges = [google_compute_global_address.service_range.name] } -data "google_compute_zones" "available" { - // All available AZ in our region - region = var.region -} - -resource "random_shuffle" "redis_az" { - // Randomly select two AZ from our region for the redis - input = data.google_compute_zones.available.names - result_count = 2 - - lifecycle { - ignore_changes = all - } -} - resource "google_redis_instance" "index" { display_name = "Rekor Index Instance" name = "rekor-index" @@ -69,16 +54,13 @@ resource "google_redis_instance" "index" { memory_size_gb = var.memory_size_gb redis_version = "REDIS_6_X" - region = var.region // Used for naming, location determined by location_id - location_id = random_shuffle.redis_az.result[0] - alternative_location_id = random_shuffle.redis_az.result[1] + region = var.region // Used for naming transit_encryption_mode = "DISABLED" // Consider enabling when Rekor is updated to support TLS with Redis client. authorized_network = var.network connect_mode = "PRIVATE_SERVICE_ACCESS" - depends_on = [google_service_networking_connection.private_service_connection] } diff --git a/terraform/gcp/modules/redis/versions.tf b/terraform/gcp/modules/redis/versions.tf index 9ef1696e5..fd01e1bde 100644 --- a/terraform/gcp/modules/redis/versions.tf +++ b/terraform/gcp/modules/redis/versions.tf @@ -15,19 +15,15 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } random = { - version = ">= 3.1.0, < 3.2.0" + version = "3.5.1" source = "hashicorp/random" } } diff --git a/terraform/gcp/modules/rekor/versions.tf b/terraform/gcp/modules/rekor/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/rekor/versions.tf +++ b/terraform/gcp/modules/rekor/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf index 5c28f3fe3..511527089 100644 --- a/terraform/gcp/modules/sigstore/sigstore.tf +++ b/terraform/gcp/modules/sigstore/sigstore.tf @@ -78,6 +78,7 @@ module "monitoring" { count = var.monitoring.enabled ? 1 : 0 project_id = var.project_id + project_number = var.project_number cluster_location = module.gke-cluster.cluster_location cluster_name = var.cluster_name ca_pool_name = var.ca_pool_name diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf index 251e9590f..de3cef42d 100644 --- a/terraform/gcp/modules/sigstore/variables.tf +++ b/terraform/gcp/modules/sigstore/variables.tf @@ -22,6 +22,14 @@ variable "project_id" { } } +variable "project_number" { + type = string + validation { + condition = length(var.project_number) > 0 + error_message = "Must specify project_number variable." + } +} + variable "region" { description = "The region in which to create the VPC network" type = string diff --git a/terraform/gcp/modules/sigstore/versions.tf b/terraform/gcp/modules/sigstore/versions.tf index 9ef1696e5..cda99516a 100644 --- a/terraform/gcp/modules/sigstore/versions.tf +++ b/terraform/gcp/modules/sigstore/versions.tf @@ -15,20 +15,16 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } google-beta = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google-beta" } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/timestamp/versions.tf b/terraform/gcp/modules/timestamp/versions.tf index 4076acd56..3e146f0eb 100644 --- a/terraform/gcp/modules/timestamp/versions.tf +++ b/terraform/gcp/modules/timestamp/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.26.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } } diff --git a/terraform/gcp/modules/tuf/versions.tf b/terraform/gcp/modules/tuf/versions.tf index 9ef1696e5..3e146f0eb 100644 --- a/terraform/gcp/modules/tuf/versions.tf +++ b/terraform/gcp/modules/tuf/versions.tf @@ -15,20 +15,12 @@ */ terraform { - required_version = ">= 1.1.3, < 1.4.0" + required_version = "1.6.3" required_providers { google = { - version = ">= 4.11.0, < 4.38.0" + version = "5.4.0" source = "hashicorp/google" } - google-beta = { - version = ">= 4.11.0, < 4.38.0" - source = "hashicorp/google-beta" - } - random = { - version = ">= 3.1.0, < 3.2.0" - source = "hashicorp/random" - } } }