updates

.github/release-please.yml

@@ -1,2 +1,16 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 releaseType: terraform-module
 handleGHRelease: true

.gitignore

@@ -31,6 +31,9 @@ Session.vim
 *.tfstate
 *.tfstate.*
 
+# tf lock file
+**/.terraform.lock.hcl
+
 # Crash log files
 crash.log
 

5-infrastructure/business_unit_1/development/README.md

@@ -12,9 +12,6 @@
 | boa\_sql\_project\_id | Project ID for SQL | `string` | n/a | yes |
 | enforce\_bin\_auth\_policy | Enable or Disable creation of binary authorization policy | `bool` | `false` | no |
 | gcp\_shared\_vpc\_project\_id | The host project id of the shared VPC | `string` | n/a | yes |
-| gke\_cluster\_1\_cidr\_block | The primary IPv4 cidr block for the first GKE cluster. | `string` | `"100.64.78.0/28"` | no |
-| gke\_cluster\_2\_cidr\_block | The primary IPv4 cidr block for the second GKE cluster. | `string` | `"100.65.70.0/28"` | no |
-| gke\_mci\_cluster\_cidr\_block | The primary IPv4 cidr block for multi-cluster ingress (MCI). | `string` | `"100.64.70.0/28"` | no |
 | location\_primary | The primary region for deployment | `string` | `"us-east1"` | no |
 | location\_secondary | The secondary region for deployment | `string` | `"us-west1"` | no |
 | shared\_vpc\_name | The shared VPC network name | `string` | n/a | yes |

5-infrastructure/business_unit_1/development/providers.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,10 +18,6 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-terraform {
-  required_version = ">= 0.13"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/

5-infrastructure/business_unit_1/development/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,24 +61,6 @@ variable "boa_sql_project_id" {
   description = "Project ID for SQL"
 }
 
-variable "gke_cluster_1_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for the first GKE cluster."
-  default     = "100.64.78.0/28"
-}
-
-variable "gke_cluster_2_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for the second GKE cluster."
-  default     = "100.65.70.0/28"
-}
-
-variable "gke_mci_cluster_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for multi-cluster ingress (MCI)."
-  default     = "100.64.70.0/28"
-}
-
 variable "enforce_bin_auth_policy" {
   type        = bool
   description = "Enable or Disable creation of binary authorization policy"

5-infrastructure/business_unit_1/development/version.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 3.50"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 4.0"
+    }
+  }
+}

5-infrastructure/business_unit_1/non-production/README.md

@@ -12,9 +12,6 @@
 | boa\_sql\_project\_id | Project ID for SQL | `string` | n/a | yes |
 | enforce\_bin\_auth\_policy | Enable or Disable creation of binary authorization policy | `bool` | `false` | no |
 | gcp\_shared\_vpc\_project\_id | The host project id of the shared VPC | `string` | n/a | yes |
-| gke\_cluster\_1\_cidr\_block | The primary IPv4 cidr block for the first GKE cluster. | `string` | `"100.64.142.0/28"` | no |
-| gke\_cluster\_2\_cidr\_block | The primary IPv4 cidr block for the second GKE cluster. | `string` | `"100.65.134.0/28"` | no |
-| gke\_mci\_cluster\_cidr\_block | The primary IPv4 cidr block for multi-cluster ingress (MCI). | `string` | `"100.64.134.0/28"` | no |
 | location\_primary | The primary region for deployment | `string` | `"us-east1"` | no |
 | location\_secondary | The secondary region for deployment | `string` | `"us-west1"` | no |
 | shared\_vpc\_name | The shared VPC network name | `string` | n/a | yes |

5-infrastructure/business_unit_1/non-production/providers.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,10 +18,6 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-terraform {
-  required_version = ">= 0.13"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/

5-infrastructure/business_unit_1/non-production/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,24 +61,6 @@ variable "boa_sql_project_id" {
   description = "Project ID for SQL"
 }
 
-variable "gke_cluster_1_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for the first GKE cluster."
-  default     = "100.64.142.0/28"
-}
-
-variable "gke_cluster_2_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for the second GKE cluster."
-  default     = "100.65.134.0/28"
-}
-
-variable "gke_mci_cluster_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for multi-cluster ingress (MCI)."
-  default     = "100.64.134.0/28"
-}
-
 variable "enforce_bin_auth_policy" {
   type        = bool
   description = "Enable or Disable creation of binary authorization policy"

5-infrastructure/business_unit_1/non-production/version.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 4.0"
+    }
+  }
+}

5-infrastructure/business_unit_1/production/README.md

@@ -12,9 +12,6 @@
 | boa\_sql\_project\_id | Project ID for SQL | `string` | n/a | yes |
 | enforce\_bin\_auth\_policy | Enable or Disable creation of binary authorization policy | `bool` | `true` | no |
 | gcp\_shared\_vpc\_project\_id | The host project id of the shared VPC | `string` | n/a | yes |
-| gke\_cluster\_1\_cidr\_block | The primary IPv4 cidr block for the first GKE cluster. | `string` | `"100.64.206.0/28"` | no |
-| gke\_cluster\_2\_cidr\_block | The primary IPv4 cidr block for the second GKE cluster. | `string` | `"100.65.198.0/28"` | no |
-| gke\_mci\_cluster\_cidr\_block | The primary IPv4 cidr block for multi-cluster ingress (MCI). | `string` | `"100.64.198.0/28"` | no |
 | location\_primary | The primary region for deployment | `string` | `"us-east1"` | no |
 | location\_secondary | The secondary region for deployment | `string` | `"us-west1"` | no |
 | shared\_vpc\_name | The shared VPC network name | `string` | n/a | yes |

5-infrastructure/business_unit_1/production/providers.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,10 +18,6 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-terraform {
-  required_version = ">= 0.13"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/

5-infrastructure/business_unit_1/production/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,24 +61,6 @@ variable "boa_sql_project_id" {
   description = "Project ID for SQL"
 }
 
-variable "gke_cluster_1_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for the first GKE cluster."
-  default     = "100.64.206.0/28"
-}
-
-variable "gke_cluster_2_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for the second GKE cluster."
-  default     = "100.65.198.0/28"
-}
-
-variable "gke_mci_cluster_cidr_block" {
-  type        = string
-  description = "The primary IPv4 cidr block for multi-cluster ingress (MCI)."
-  default     = "100.64.198.0/28"
-}
-
 variable "enforce_bin_auth_policy" {
   type        = bool
   description = "Enable or Disable creation of binary authorization policy"

5-infrastructure/business_unit_1/production/version.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 4.0"
+    }
+  }
+}

5-infrastructure/business_unit_1/shared/providers.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,21 +18,6 @@ locals {
   tf_sa = var.app_cicd_build_sa
 }
 
-terraform {
-  required_version = ">=0.13.0"
-
-  required_providers {
-    google = {
-      source  = "hashicorp/google"
-      version = ">= 3.50"
-    }
-    google-beta = {
-      source  = "hashicorp/google-beta"
-      version = ">= 3.50"
-    }
-  }
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/

5-infrastructure/business_unit_1/shared/version.tf

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 4.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.3.0"
+    }
+  }
+}

5-infrastructure/modules/app_cicd_pipeline/binauthz.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2021 Google LLC
+ * Copyright 2021-2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,7 +17,7 @@
 resource "random_string" "keyring_name" {
   length  = 4
   special = false
-  number  = true
+  numeric = true
   upper   = false
   lower   = true
 }
@@ -40,7 +40,7 @@ resource "google_secret_manager_secret" "keyring-secret" {
   }
 
   replication {
-    automatic = true
+    auto {}
   }
 }
 
@@ -51,7 +51,7 @@ resource "google_secret_manager_secret_version" "keyring-secret-version" {
 
 module "attestors" {
   source   = "terraform-google-modules/kubernetes-engine/google//modules/binary-authorization"
-  version  = "~> 14.1"
+  version  = "~> 28.0"
   for_each = toset(var.attestor_names_prefix)
 
   project_id    = var.app_cicd_project_id