diff --git a/.github/release-please.yml b/.github/release-please.yml index 6366b9c..884357c 100644 --- a/.github/release-please.yml +++ b/.github/release-please.yml @@ -1,2 +1,16 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + releaseType: terraform-module handleGHRelease: true diff --git a/.gitignore b/.gitignore index b6397e1..e5c335d 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,9 @@ Session.vim *.tfstate *.tfstate.* +# tf lock file +**/.terraform.lock.hcl + # Crash log files crash.log diff --git a/5-infrastructure/business_unit_1/development/README.md b/5-infrastructure/business_unit_1/development/README.md index 7c5d4c5..60f9620 100644 --- a/5-infrastructure/business_unit_1/development/README.md +++ b/5-infrastructure/business_unit_1/development/README.md 
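Review bot: The new `**/.terraform.lock.hcl` pattern in .gitignore keeps Terraform's dependency lock file out of version control in every directory, including the environment roots under 5-infrastructure/business_unit_1. That file records the selected provider versions and their checksums, so without it each `terraform init` re-resolves providers inside the loose constraints this commit adds (`>= 3.50`, `~> 4.0`) and has no committed hashes to verify against. If ignoring it is intended only for the reusable modules, I would narrow the pattern to those paths and commit the lock files for the root configurations. Otherwise add a comment above the pattern such as `# lock files are intentionally not committed: <reason>`.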
@@ -12,9 +12,6 @@ | boa\_sql\_project\_id | Project ID for SQL | `string` | n/a | yes | | enforce\_bin\_auth\_policy | Enable or Disable creation of binary authorization policy | `bool` | `false` | no | | gcp\_shared\_vpc\_project\_id | The host project id of the shared VPC | `string` | n/a | yes | -| gke\_cluster\_1\_cidr\_block | The primary IPv4 cidr block for the first GKE cluster. | `string` | `"100.64.78.0/28"` | no | -| gke\_cluster\_2\_cidr\_block | The primary IPv4 cidr block for the second GKE cluster. | `string` | `"100.65.70.0/28"` | no | -| gke\_mci\_cluster\_cidr\_block | The primary IPv4 cidr block for multi-cluster ingress (MCI). | `string` | `"100.64.70.0/28"` | no | | location\_primary | The primary region for deployment | `string` | `"us-east1"` | no | | location\_secondary | The secondary region for deployment | `string` | `"us-west1"` | no | | shared\_vpc\_name | The shared VPC network name | `string` | n/a | yes | diff --git a/5-infrastructure/business_unit_1/development/providers.tf b/5-infrastructure/business_unit_1/development/providers.tf index c4b7e78..2ecc441 100644 --- a/5-infrastructure/business_unit_1/development/providers.tf +++ b/5-infrastructure/business_unit_1/development/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,6 @@ locals { tf_sa = var.terraform_service_account } -terraform { - required_version = ">= 0.13" -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/5-infrastructure/business_unit_1/development/variables.tf b/5-infrastructure/business_unit_1/development/variables.tf index 171e998..a8eae8f 100644 --- a/5-infrastructure/business_unit_1/development/variables.tf +++ b/5-infrastructure/business_unit_1/development/variables.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -61,24 +61,6 @@ variable "boa_sql_project_id" { description = "Project ID for SQL" } -variable "gke_cluster_1_cidr_block" { - type = string - description = "The primary IPv4 cidr block for the first GKE cluster." - default = "100.64.78.0/28" -} - -variable "gke_cluster_2_cidr_block" { - type = string - description = "The primary IPv4 cidr block for the second GKE cluster." - default = "100.65.70.0/28" -} - -variable "gke_mci_cluster_cidr_block" { - type = string - description = "The primary IPv4 cidr block for multi-cluster ingress (MCI)." - default = "100.64.70.0/28" -} - variable "enforce_bin_auth_policy" { type = bool description = "Enable or Disable creation of binary authorization policy" diff --git a/5-infrastructure/business_unit_1/development/version.tf b/5-infrastructure/business_unit_1/development/version.tf new file mode 100644 index 0000000..d47fbba --- /dev/null +++ b/5-infrastructure/business_unit_1/development/version.tf 
@@ -0,0 +1,29 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 3.50"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = "~> 4.0"
+ }
+ }
+}
diff --git a/5-infrastructure/business_unit_1/non-production/README.md b/5-infrastructure/business_unit_1/non-production/README.md
index 0e7530a..60f9620 100644
--- a/5-infrastructure/business_unit_1/non-production/README.md
+++ b/5-infrastructure/business_unit_1/non-production/README.md
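Review bot: In development/version.tf the `google` provider is constrained with `version = ">= 3.50"`, which has no upper bound and differs from the `~> 4.0` used for `google-beta` in the same block and for `google` in the non-production and production version.tf files added by this commit. The modules changed here use the `auto {}` replication block and pin `google` to `~> 4.83`, so if this root calls them a 3.x provider presumably cannot satisfy the configuration anyway. I would align the line with the sibling environments: `version = "~> 4.0"`.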
@@ -12,9 +12,6 @@ | boa\_sql\_project\_id | Project ID for SQL | `string` | n/a | yes | | enforce\_bin\_auth\_policy | Enable or Disable creation of binary authorization policy | `bool` | `false` | no | | gcp\_shared\_vpc\_project\_id | The host project id of the shared VPC | `string` | n/a | yes | -| gke\_cluster\_1\_cidr\_block | The primary IPv4 cidr block for the first GKE cluster. | `string` | `"100.64.142.0/28"` | no | -| gke\_cluster\_2\_cidr\_block | The primary IPv4 cidr block for the second GKE cluster. | `string` | `"100.65.134.0/28"` | no | -| gke\_mci\_cluster\_cidr\_block | The primary IPv4 cidr block for multi-cluster ingress (MCI). | `string` | `"100.64.134.0/28"` | no | | location\_primary | The primary region for deployment | `string` | `"us-east1"` | no | | location\_secondary | The secondary region for deployment | `string` | `"us-west1"` | no | | shared\_vpc\_name | The shared VPC network name | `string` | n/a | yes | diff --git a/5-infrastructure/business_unit_1/non-production/providers.tf b/5-infrastructure/business_unit_1/non-production/providers.tf index c4b7e78..2ecc441 100644 --- a/5-infrastructure/business_unit_1/non-production/providers.tf +++ b/5-infrastructure/business_unit_1/non-production/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,6 @@ locals { tf_sa = var.terraform_service_account } -terraform { - required_version = ">= 0.13" -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/5-infrastructure/business_unit_1/non-production/variables.tf b/5-infrastructure/business_unit_1/non-production/variables.tf index 76ae45f..a8eae8f 100644 --- a/5-infrastructure/business_unit_1/non-production/variables.tf 
+++ b/5-infrastructure/business_unit_1/non-production/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -61,24 +61,6 @@ variable "boa_sql_project_id" { description = "Project ID for SQL" } -variable "gke_cluster_1_cidr_block" { - type = string - description = "The primary IPv4 cidr block for the first GKE cluster." - default = "100.64.142.0/28" -} - -variable "gke_cluster_2_cidr_block" { - type = string - description = "The primary IPv4 cidr block for the second GKE cluster." - default = "100.65.134.0/28" -} - -variable "gke_mci_cluster_cidr_block" { - type = string - description = "The primary IPv4 cidr block for multi-cluster ingress (MCI)." - default = "100.64.134.0/28" -} - variable "enforce_bin_auth_policy" { type = bool description = "Enable or Disable creation of binary authorization policy" diff --git a/5-infrastructure/business_unit_1/non-production/version.tf b/5-infrastructure/business_unit_1/non-production/version.tf new file mode 100644 index 0000000..ed47793 --- /dev/null +++ b/5-infrastructure/business_unit_1/non-production/version.tf 
@@ -0,0 +1,29 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 4.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = "~> 4.0"
+ }
+ }
+}
diff --git a/5-infrastructure/business_unit_1/production/README.md b/5-infrastructure/business_unit_1/production/README.md
index c9adcfa..b4c188b 100644
--- a/5-infrastructure/business_unit_1/production/README.md
+++ b/5-infrastructure/business_unit_1/production/README.md
@@ -12,9 +12,6 @@ | boa\_sql\_project\_id | Project ID for SQL | `string` | n/a | yes | | enforce\_bin\_auth\_policy | Enable or Disable creation of binary authorization policy | `bool` | `true` | no | | gcp\_shared\_vpc\_project\_id | The host project id of the shared VPC | `string` | n/a | yes | -| gke\_cluster\_1\_cidr\_block | The primary IPv4 cidr block for the first GKE cluster. | `string` | `"100.64.206.0/28"` | no | -| gke\_cluster\_2\_cidr\_block | The primary IPv4 cidr block for the second GKE cluster. | `string` | `"100.65.198.0/28"` | no | -| gke\_mci\_cluster\_cidr\_block | The primary IPv4 cidr block for multi-cluster ingress (MCI). | `string` | `"100.64.198.0/28"` | no | | location\_primary | The primary region for deployment | `string` | `"us-east1"` | no | | location\_secondary | The secondary region for deployment | `string` | `"us-west1"` | no | | shared\_vpc\_name | The shared VPC network name | `string` | n/a | yes | diff --git a/5-infrastructure/business_unit_1/production/providers.tf b/5-infrastructure/business_unit_1/production/providers.tf index c4b7e78..2ecc441 100644 --- a/5-infrastructure/business_unit_1/production/providers.tf +++ b/5-infrastructure/business_unit_1/production/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,6 @@ locals { tf_sa = var.terraform_service_account } -terraform { - required_version = ">= 0.13" -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/5-infrastructure/business_unit_1/production/variables.tf b/5-infrastructure/business_unit_1/production/variables.tf index 8085165..5bc1de4 100644 --- a/5-infrastructure/business_unit_1/production/variables.tf +++ b/5-infrastructure/business_unit_1/production/variables.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -61,24 +61,6 @@ variable "boa_sql_project_id" { description = "Project ID for SQL" } -variable "gke_cluster_1_cidr_block" { - type = string - description = "The primary IPv4 cidr block for the first GKE cluster." - default = "100.64.206.0/28" -} - -variable "gke_cluster_2_cidr_block" { - type = string - description = "The primary IPv4 cidr block for the second GKE cluster." - default = "100.65.198.0/28" -} - -variable "gke_mci_cluster_cidr_block" { - type = string - description = "The primary IPv4 cidr block for multi-cluster ingress (MCI)." - default = "100.64.198.0/28" -} - variable "enforce_bin_auth_policy" { type = bool description = "Enable or Disable creation of binary authorization policy" diff --git a/5-infrastructure/business_unit_1/production/version.tf b/5-infrastructure/business_unit_1/production/version.tf new file mode 100644 index 0000000..ed47793 --- /dev/null +++ b/5-infrastructure/business_unit_1/production/version.tf 
@@ -0,0 +1,29 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + google-beta = { + source = "hashicorp/google-beta" + version = "~> 4.0" + } + } +} diff --git a/5-infrastructure/business_unit_1/shared/providers.tf b/5-infrastructure/business_unit_1/shared/providers.tf index 31fc3ef..f279b54 100644 --- a/5-infrastructure/business_unit_1/shared/providers.tf +++ b/5-infrastructure/business_unit_1/shared/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,21 +18,6 @@ locals { tf_sa = var.app_cicd_build_sa } -terraform { - required_version = ">=0.13.0" - - required_providers { - google = { - source = "hashicorp/google" - version = ">= 3.50" - } - google-beta = { - source = "hashicorp/google-beta" - version = ">= 3.50" - } - } -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/5-infrastructure/business_unit_1/shared/version.tf b/5-infrastructure/business_unit_1/shared/version.tf new file mode 100644 index 0000000..2433ff0 --- /dev/null +++ b/5-infrastructure/business_unit_1/shared/version.tf 
@@ -0,0 +1,33 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + google-beta = { + source = "hashicorp/google-beta" + version = "~> 4.0" + } + random = { + source = "hashicorp/random" + version = ">= 3.3.0" + } + } +} diff --git a/5-infrastructure/modules/app_cicd_pipeline/binauthz.tf b/5-infrastructure/modules/app_cicd_pipeline/binauthz.tf index ae0b6e4..34ef003 100644 --- a/5-infrastructure/modules/app_cicd_pipeline/binauthz.tf +++ b/5-infrastructure/modules/app_cicd_pipeline/binauthz.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ resource "random_string" "keyring_name" { length = 4 special = false - number = true + numeric = true upper = false lower = true } @@ -40,7 +40,7 @@ resource "google_secret_manager_secret" "keyring-secret" { } replication { - automatic = true + auto {} } } 
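Review bot: The `auto {}` block that replaces `automatic = true` on `google_secret_manager_secret.keyring-secret` in app_cicd_pipeline/binauthz.tf (hunk at -40,7) keeps the secret on automatic replication with Google-managed encryption, and nothing in the hunk says that is intended. If these secrets are meant to be protected by a customer-managed key, the `auto` block accepts a nested `customer_managed_encryption { kms_key_name = <key id> }`. If not, a comment such as `# Google-managed encryption is intentional for this secret` would record the decision. The same applies to `google_secret_manager_secret.admin_password` in base-env/boa-sec.tf, where `module.kms_keyrings_keys` is declared in the same file. The resource body starts outside the hunk.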
@@ -51,7 +51,7 @@ resource "google_secret_manager_secret_version" "keyring-secret-version" { module "attestors" { source = "terraform-google-modules/kubernetes-engine/google//modules/binary-authorization" - version = "~> 14.1" + version = "~> 28.0" for_each = toset(var.attestor_names_prefix) project_id = var.app_cicd_project_id diff --git a/5-infrastructure/modules/app_cicd_pipeline/repo.tf b/5-infrastructure/modules/app_cicd_pipeline/repo.tf index 4335774..54eea72 100644 --- a/5-infrastructure/modules/app_cicd_pipeline/repo.tf +++ b/5-infrastructure/modules/app_cicd_pipeline/repo.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,9 +15,8 @@ */ locals { - created_csrs = toset([for repo in google_sourcerepo_repository.app_infra_repo : repo.name]) - gar_name = split("/", google_artifact_registry_repository.image_repo.name)[length(split("/", google_artifact_registry_repository.image_repo.name)) - 1] - folders = ["cache/.m2/.ignore", "cache/.skaffold/.ignore", "cache/.cache/pip/wheels/.ignore"] + gar_name = split("/", google_artifact_registry_repository.image_repo.name)[length(split("/", google_artifact_registry_repository.image_repo.name)) - 1] + folders = ["cache/.m2/.ignore", "cache/.skaffold/.ignore", "cache/.cache/pip/wheels/.ignore"] } data "google_project" "app_cicd_project" { diff --git a/5-infrastructure/modules/app_cicd_pipeline/version.tf b/5-infrastructure/modules/app_cicd_pipeline/version.tf new file mode 100644 index 0000000..fb7e80d --- /dev/null +++ b/5-infrastructure/modules/app_cicd_pipeline/version.tf 
@@ -0,0 +1,37 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.83" + } + google-beta = { + source = "hashicorp/google-beta" + version = "~> 4.0" + } + random = { + source = "hashicorp/random" + version = ">= 3.3.0" + } + null = { + source = "hashicorp/null" + version = ">= 3.0.0" + } + } +} diff --git a/5-infrastructure/modules/base-env/README.md b/5-infrastructure/modules/base-env/README.md index 1fe168a..62951d7 100644 --- a/5-infrastructure/modules/base-env/README.md +++ b/5-infrastructure/modules/base-env/README.md @@ -35,7 +35,6 @@ The module provisions the following resources | boa\_sql\_project\_id | Project ID for SQL. | `string` | n/a | yes | | enforce\_bin\_auth\_policy | Enable or Disable creation of binary authorization policy. | `bool` | `false` | no | | env | The environment to prepare (dev/npd/prd). | `string` | n/a | yes | -| folder\_prefix | Name prefix to use for folders created. | `string` | `"fldr"` | no | | gcp\_shared\_vpc\_project\_id | The host project id of the shared VPC. | `string` | n/a | yes | | gke\_cluster\_1\_cidr\_block | The primary IPv4 cidr block for the first GKE cluster. | `string` | n/a | yes | | gke\_cluster\_1\_range\_name\_pods | The name of the pods IP range for the first GKE cluster. | `string` | `"pod-ip-range"` | no | 
@@ -52,7 +51,6 @@ The module provisions the following resources | location\_primary | The primary region for deployment, if not set default locations for each resource are taken from variables file. | `string` | `"us-east1"` | no | | location\_secondary | The secondary region for deployment, if not set default locations for each resource are taken from variables file. | `string` | `"us-west1"` | no | | max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `64` | no | -| project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no | | shared\_vpc\_name | The shared VPC network name. | `string` | n/a | yes | | sql\_admin\_password | Admin Password for SQL Instances. | `string` | `"admin"` | no | | sql\_admin\_username | Admin Username for SQL Instances. | `string` | `"admin"` | no | diff --git a/5-infrastructure/modules/base-env/boa-gke.tf b/5-infrastructure/modules/base-env/boa-gke.tf index 03a6b4e..6ea0723 100644 --- a/5-infrastructure/modules/base-env/boa-gke.tf +++ b/5-infrastructure/modules/base-env/boa-gke.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -72,7 +72,7 @@ locals { module "sink_gke" { source = "terraform-google-modules/log-export/google" - version = "~> 6.0" + version = "~> 7.3" destination_uri = module.log_destination.destination_uri filter = "resource.type:(k8s_cluster OR k8s_container OR gce_target_https_proxy OR gce_url_map OR http_load_balancer OR gce_target_https_proxy OR gce_backend_service OR gce_instance OR gce_forwarding_rule OR gce_health_check OR service_account OR global OR audited_resource OR project)" log_sink_name = "sink-boa-${local.envs[var.env].short}-gke-to-ops" 
@@ -101,7 +101,7 @@ data "google_project" "gke_project" { module "clusters" { source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster" - version = "~> 14.0.1" + version = "~> 28.0" for_each = local.gke_settings project_id = var.boa_gke_project_id diff --git a/5-infrastructure/modules/base-env/boa-ops.tf b/5-infrastructure/modules/base-env/boa-ops.tf index 79f5164..c7ea1d0 100644 --- a/5-infrastructure/modules/base-env/boa-ops.tf +++ b/5-infrastructure/modules/base-env/boa-ops.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,7 +16,7 @@ module "sink_ops" { source = "terraform-google-modules/log-export/google" - version = "~> 6.0" + version = "~> 7.3" destination_uri = module.log_destination.destination_uri filter = "" log_sink_name = "sink-boa-${local.envs[var.env].short}-ops" @@ -28,14 +28,14 @@ module "sink_ops" { resource "random_string" "bucket_name" { length = 4 upper = false - number = true + numeric = true lower = true special = false } module "log_destination" { source = "terraform-google-modules/log-export/google//modules/storage" - version = "~> 6.0" + version = "~> 7.3" project_id = var.boa_ops_project_id storage_bucket_name = "log-ops-${lower(var.location_secondary)}-01-${random_string.bucket_name.result}" location = var.location_secondary diff --git a/5-infrastructure/modules/base-env/boa-sec.tf b/5-infrastructure/modules/base-env/boa-sec.tf index 9c18321..24e941b 100644 --- a/5-infrastructure/modules/base-env/boa-sec.tf +++ b/5-infrastructure/modules/base-env/boa-sec.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -25,7 +25,7 @@ locals { module "sink_sec" { source = "terraform-google-modules/log-export/google" - version = "~> 6.0" + version = "~> 7.3" destination_uri = module.log_destination.destination_uri filter = "resource.type:(cloudkms_keyring OR service_account OR global OR audited_resource OR project)" log_sink_name = "sink-boa-${local.envs[var.env].short}-sec-to-ops" @@ -37,14 +37,14 @@ module "sink_sec" { resource "random_string" "keyring_suffix" { length = 4 upper = false - number = true + numeric = true lower = true special = false } module "kms_keyrings_keys" { source = "terraform-google-modules/kms/google" - version = "~> 2.0" + version = "~> 2.1" for_each = local.kms_locations project_id = var.boa_sec_project_id @@ -69,7 +69,7 @@ resource "google_secret_manager_secret" "admin_password" { label = module.kms_keyrings_keys["sql_1"].keyring_name } replication { - automatic = true + auto {} } } diff --git a/5-infrastructure/modules/base-env/boa-sql.tf b/5-infrastructure/modules/base-env/boa-sql.tf index 4364a50..8ec0f80 100644 --- a/5-infrastructure/modules/base-env/boa-sql.tf +++ b/5-infrastructure/modules/base-env/boa-sql.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,7 +40,7 @@ locals { module "sink_sql" { source = "terraform-google-modules/log-export/google" - version = "~> 6.0" + version = "~> 7.2" destination_uri = module.log_destination.destination_uri filter = "resource.type:(cloudsql_database OR service_account OR global OR audited_resource OR project)" log_sink_name = "sink-boa-${local.envs[var.env].short}-sql-to-ops" diff --git a/5-infrastructure/modules/base-env/variables.tf b/5-infrastructure/modules/base-env/variables.tf index 47bfe4e..50c9f2e 100644 --- a/5-infrastructure/modules/base-env/variables.tf +++ b/5-infrastructure/modules/base-env/variables.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,18 +24,6 @@ variable "terraform_service_account" { description = "Service account email of the account to impersonate to run Terraform." } -variable "project_prefix" { - type = string - description = "Name prefix to use for projects created." - default = "prj" -} - -variable "folder_prefix" { - type = string - description = "Name prefix to use for folders created." - default = "fldr" -} - variable "location_primary" { type = string description = "The primary region for deployment, if not set default locations for each resource are taken from variables file." diff --git a/5-infrastructure/modules/base-env/version.tf b/5-infrastructure/modules/base-env/version.tf new file mode 100644 index 0000000..1c6f83e --- /dev/null +++ b/5-infrastructure/modules/base-env/version.tf @@ -0,0 +1,29 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.83" + } + random = { + source = "hashicorp/random" + version = ">= 3.3.0" + } + } +} diff --git a/5-infrastructure/modules/bastion/main.tf b/5-infrastructure/modules/bastion/main.tf index 4c719c2..3f1c811 100644 
--- a/5-infrastructure/modules/bastion/main.tf +++ b/5-infrastructure/modules/bastion/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 202-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,7 @@ data "google_compute_subnetwork" "bastion_subnet" { module "iap_bastion" { source = "terraform-google-modules/bastion-host/google" - version = "~> 3.1" + version = "~> 5.3" project = var.project_id # Variables for existing network diff --git a/5-infrastructure/modules/bastion/version.tf b/5-infrastructure/modules/bastion/version.tf new file mode 100644 index 0000000..4b24c31 --- /dev/null +++ b/5-infrastructure/modules/bastion/version.tf @@ -0,0 +1,25 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + } +} diff --git a/5-infrastructure/modules/cloud-sql/README.md b/5-infrastructure/modules/cloud-sql/README.md index db16545..0a62337 100644 --- a/5-infrastructure/modules/cloud-sql/README.md +++ b/5-infrastructure/modules/cloud-sql/README.md 
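Review bot: The updated licence header in bastion/main.tf reads `Copyright 202-2023 Google LLC`; the start year has lost a digit. The other modified files in this commit use `2021-2023`, so the line should be ` * Copyright 2021-2023 Google LLC`.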
@@ -12,7 +12,7 @@ This module is a wrapper for [CFT PostgreSQL Module](https://github.com/terrafor | authorized\_networks | CIDR Ranges of Secondary IP ranges for all GKE Cluster Subnets | `list(map(string))` | n/a | yes | | database\_name | The database name | `string` | n/a | yes | | database\_region | The database region | `string` | n/a | yes | -| database\_users | Additional Database Users |
list(object({
name = string
password = string
host = string
}))
| `[]` | no | +| database\_users | Additional Database Users |
list(object({
name = string
password = string
random_password = bool
}))
| `[]` | no | | database\_zone | The database zone | `string` | n/a | yes | | project\_id | The GCP Project ID | `string` | n/a | yes | | replica\_zones | The GCP Zones |
object({
zone1 = string
zone2 = string
})
| n/a | yes | diff --git a/5-infrastructure/modules/cloud-sql/main.tf b/5-infrastructure/modules/cloud-sql/main.tf index f9944c5..33b9b27 100644 --- a/5-infrastructure/modules/cloud-sql/main.tf +++ b/5-infrastructure/modules/cloud-sql/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,12 +20,13 @@ locals { require_ssl = true private_network = var.vpc_self_link authorized_networks = var.authorized_networks + allocated_ip_range = null } } module "boa_postgress_ha" { source = "GoogleCloudPlatform/sql-db/google//modules/postgresql" - version = "~> 5.0" + version = "~> 16.1" name = var.sql_instance_prefix random_instance_name = true project_id = var.project_id @@ -47,6 +48,7 @@ module "boa_postgress_ha" { ip_configuration = { ipv4_enabled = false require_ssl = true + allocated_ip_range = null private_network = var.vpc_self_link authorized_networks = var.authorized_networks } 
@@ -56,32 +58,41 @@ module "boa_postgress_ha" { start_time = "20:55" location = null point_in_time_recovery_enabled = false + transaction_log_retention_days = null + retained_backups = null + retention_unit = null } // Read replica configurations read_replica_name_suffix = "-example" read_replicas = [ { - name = "0" - zone = var.replica_zones.zone1 - tier = "db-custom-2-13312" - ip_configuration = local.read_replica_ip_configuration - database_flags = [{ name = "autovacuum", value = "off" }] - disk_autoresize = null - disk_size = null - disk_type = "PD_HDD" - user_labels = {} + name = "0" + zone = var.replica_zones.zone1 + tier = "db-custom-2-13312" + ip_configuration = local.read_replica_ip_configuration + database_flags = [{ name = "autovacuum", value = "off" }] + disk_autoresize = null + disk_autoresize_limit = null + availability_type = "REGIONAL" + disk_size = null + disk_type = "PD_HDD" + user_labels = {} + encryption_key_name = null }, { - name = "1" - zone = var.replica_zones.zone2 - tier = "db-custom-2-13312" - ip_configuration = local.read_replica_ip_configuration - database_flags = [{ name = "autovacuum", value = "off" }] - disk_autoresize = null - disk_size = null - disk_type = "PD_HDD" - user_labels = {} + name = "1" + zone = var.replica_zones.zone2 + tier = "db-custom-2-13312" + ip_configuration = local.read_replica_ip_configuration + database_flags = [{ name = "autovacuum", value = "off" }] + disk_autoresize = null + disk_autoresize_limit = null + availability_type = "REGIONAL" + disk_size = null + disk_type = "PD_HDD" + user_labels = {} + encryption_key_name = null } ] diff --git a/5-infrastructure/modules/cloud-sql/variables.tf b/5-infrastructure/modules/cloud-sql/variables.tf index acc2111..fde5ae3 100644 --- a/5-infrastructure/modules/cloud-sql/variables.tf +++ b/5-infrastructure/modules/cloud-sql/variables.tf 
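Review bot: Both read replicas in `module.boa_postgress_ha` are given `encryption_key_name = null`, and the backup block gains `retained_backups = null`, `retention_unit = null` and `transaction_log_retention_days = null` next to the existing `point_in_time_recovery_enabled = false`. These nulls look like they were added only to satisfy the object shape expected by the 16.x module, but they leave replica encryption and backup retention on defaults without saying so. I would either set explicit values or add a comment such as `# null = module default; replicas use Google-managed encryption` so the choice is visible in review. The module block starts and ends outside this hunk.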
@@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,9 +43,9 @@ variable "database_region" { variable "database_users" { type = list(object({ - name = string - password = string - host = string + name = string + password = string + random_password = bool })) description = "Additional Database Users" default = [] diff --git a/5-infrastructure/modules/cloud-sql/version.tf b/5-infrastructure/modules/cloud-sql/version.tf new file mode 100644 index 0000000..7db1e49 --- /dev/null +++ b/5-infrastructure/modules/cloud-sql/version.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" +} diff --git a/Makefile b/Makefile index 3bd70f0..40610e5 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.16 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml new file mode 100644 index 0000000..66d9e8c --- /dev/null +++ b/build/int.cloudbuild.yaml 
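Review bot: In `variable "database_users"` the object type still carries `password = string` and the variable has no `sensitive = true`, so nothing marks these values as secret at the module boundary and they can surface in plan or error output. Adding `sensitive = true` after `default = []` would fix that, but the attribute needs Terraform 0.14 or later while the `version.tf` added in this commit still declares `>= 0.13`, so the floor would have to move with it. The new `random_password = bool` attribute appears to let callers avoid supplying a password at all; if so, the description should say that, e.g. `description = "Additional Database Users. Set random_password = true to have a password generated instead of passing one."`. Replacing `host` with a required `random_password` also changes what existing callers must pass. The variable block closes outside this hunk.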
@@ -0,0 +1,24 @@ +# Copyright 2023 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +steps: +- id: no-op + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'sleep 1'] +tags: +- 'ci' +- 'integration' +substitutions: + _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.16' diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index d0d8eda..c98f748 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml @@ -27,7 +27,7 @@ tags: - 'lint' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.16' options: machineType: 'N1_HIGHCPU_8' env: diff --git a/foundation-extension/3-networks-extension/envs/development/README.md b/foundation-extension/3-networks-extension/envs/development/README.md index d8334b5..68e8b04 100644 --- a/foundation-extension/3-networks-extension/envs/development/README.md +++ b/foundation-extension/3-networks-extension/envs/development/README.md 
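Review bot: The only step in the new `build/int.cloudbuild.yaml` is `id: no-op` running `sleep 1`, so a build tagged `integration` reports success without exercising any Terraform. If this is a placeholder to satisfy a required check, the file should say so, for example `# Placeholder: no integration tests run yet; a green result here is not evidence of a tested change`. The step image is also selected by the mutable tag `1.16` through `_DOCKER_TAG_VERSION_DEVELOPER_TOOLS`; referencing the image by digest instead would make the build environment reproducible.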
@@ -13,3 +13,14 @@ This is an additional Terraform configuration for [example_foundation 3-Networks This module adds: 1. 4 Subnets - 1 Subnet for each cluster (gke1-cluster, gke2-cluster, mci-cluster) and one bastion-host-subnet to the default Base Shared VPC configuration from 3-networks 1. 4 Ingress and 3 Egress Firewall Rules + + +## Inputs + +No inputs. + +## Outputs + +No outputs. + + diff --git a/foundation-extension/3-networks-extension/envs/development/version.tf b/foundation-extension/3-networks-extension/envs/development/version.tf new file mode 100644 index 0000000..7db1e49 --- /dev/null +++ b/foundation-extension/3-networks-extension/envs/development/version.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" +} diff --git a/foundation-extension/3-networks-extension/envs/non-production/README.md b/foundation-extension/3-networks-extension/envs/non-production/README.md index 778e1d2..0a39a6d 100644 --- a/foundation-extension/3-networks-extension/envs/non-production/README.md +++ b/foundation-extension/3-networks-extension/envs/non-production/README.md 
@@ -13,3 +13,14 @@ This is an additional Terraform configuration for [example_foundation 3-Networks This module adds: 1. 4 Subnets - 1 Subnet for each cluster (gke1-cluster, gke2-cluster, mci-cluster) and one bastion-host-subnet to the default Base Shared VPC configuration from 3-networks 1. 4 Ingress and 3 Egress Firewall Rules + + +## Inputs + +No inputs. + +## Outputs + +No outputs. + + diff --git a/foundation-extension/3-networks-extension/envs/non-production/version.tf b/foundation-extension/3-networks-extension/envs/non-production/version.tf new file mode 100644 index 0000000..7db1e49 --- /dev/null +++ b/foundation-extension/3-networks-extension/envs/non-production/version.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" +} diff --git a/foundation-extension/3-networks-extension/envs/production/README.md b/foundation-extension/3-networks-extension/envs/production/README.md index c16da1e..3590417 100644 --- a/foundation-extension/3-networks-extension/envs/production/README.md +++ b/foundation-extension/3-networks-extension/envs/production/README.md 
@@ -13,3 +13,14 @@ This is an additional Terraform configuration for [example_foundation 3-Networks This module adds: 1. 4 Subnets - 1 Subnet for each cluster (gke1-cluster, gke2-cluster, mci-cluster) and one bastion-host-subnet to the default Base Shared VPC configuration from 3-networks 1. 4 Ingress and 3 Egress Firewall Rules + + +## Inputs + +No inputs. + +## Outputs + +No outputs. + + diff --git a/foundation-extension/3-networks-extension/envs/production/version.tf b/foundation-extension/3-networks-extension/envs/production/version.tf new file mode 100644 index 0000000..7db1e49 --- /dev/null +++ b/foundation-extension/3-networks-extension/envs/production/version.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" +} diff --git a/foundation-extension/3-networks-extension/modules/fw-rules/version.tf b/foundation-extension/3-networks-extension/modules/fw-rules/version.tf new file mode 100644 index 0000000..4b24c31 --- /dev/null +++ b/foundation-extension/3-networks-extension/modules/fw-rules/version.tf 
@@ -0,0 +1,25 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + } +} diff --git a/foundation-extension/3-networks-extension/network_prepare.sh b/foundation-extension/3-networks-extension/network_prepare.sh index 413c98b..fd74f3a 100755 --- a/foundation-extension/3-networks-extension/network_prepare.sh +++ b/foundation-extension/3-networks-extension/network_prepare.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Copyright 2021 Google LLC +# Copyright 2021-2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,8 +18,9 @@ parent_dir=$( dirname "$(pwd)" ) # Get example-foundation if [[ ! -d "$parent_dir/3-networks" ]]; then + # TODO: pin to a particular release git clone --depth 1 --filter=blob:none https://github.com/terraform-google-modules/terraform-example-foundation example-foundation - mv example-foundation/3-networks/ "$parent_dir" + mv example-foundation/3-networks-dual-svpc/ "$parent_dir/3-networks" mv example-foundation/build/cloudbuild-tf-* "$parent_dir"/../build mv example-foundation/build/tf-wrapper.sh "$parent_dir"/../build rm -rf example-foundation 
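Review bot: In `network_prepare.sh`, the `git clone --depth 1` under the new `# TODO: pin to a particular release` still takes whatever is at the head of the upstream default branch, and the next lines move `build/cloudbuild-tf-*` and `build/tf-wrapper.sh` from that checkout into this repository's `build` directory. An upstream change therefore alters pipeline code here without review, and the switch from `3-networks/` to `3-networks-dual-svpc/` in this same hunk suggests the upstream layout has already moved once. I would resolve the TODO in this commit with `git clone --depth 1 --branch "<RELEASE_TAG>" --filter=blob:none https://github.com/terraform-google-modules/terraform-example-foundation example-foundation`, where `<RELEASE_TAG>` is a placeholder for the release this extension was tested against. The `if` block containing these lines closes outside the hunk.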
@@ -34,12 +35,4 @@ if [[ ! -f "$parent_dir/3-networks/envs/development/boa_*" ]]; then cd "$parent_dir"/3-networks/ # Change region in commom.tfvars sed -i 's/central1/east1/g' common.auto.example.tfvars - # Remove base_shared_vpc from upstream main.tf - for dir in envs/*/ ; do - if [[ ! "${dir}" == "envs/shared/" ]]; then - sed -e '/Base shared VPC/,$d' "$dir"main.tf | tac | sed "1,2d" | tac >> "$dir"tmp_main.tf - rm "$dir"main.tf - mv "$dir"tmp_main.tf "$dir"main.tf - fi - done fi diff --git a/foundation-extension/3-networks/.gitignore b/foundation-extension/3-networks/.gitignore new file mode 100644 index 0000000..fe232a0 --- /dev/null +++ b/foundation-extension/3-networks/.gitignore @@ -0,0 +1,58 @@ +# OSX leaves these everywhere on SMB shares +._* + +# OSX trash +.DS_Store + +# Python +*.pyc + +# Emacs save files +*~ +\#*\# +.\#* + +# Vim-related files +[._]*.s[a-w][a-z] +[._]s[a-w][a-z] +*.un~ +Session.vim +.netrwhist + +### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Ignore any .tfvars files that are generated automatically for each Terraform run. Most +# .tfvars files are managed as part of configuration and so should be included in +# version control. +# +# example.tfvars + +# Ignore override files as they are usually used to override resources locally and so +# are not checked in +override.tf +override.tf.json +*_override.tf +*_override.tf.json +.idea/ +.vscode/ +# Kitchen files +**/inspec.lock +**.gem +**/.kitchen +**/.kitchen.local.yml +**/Gemfile.lock + +credentials.json + +# File to populate env vars used by Docker test runs +.envrc diff --git a/foundation-extension/4-projects/business_unit_1/development/boa_gke.tf b/foundation-extension/4-projects/business_unit_1/development/boa_gke.tf index 0876bd3..04d2394 100644 
--- a/foundation-extension/4-projects/business_unit_1/development/boa_gke.tf +++ b/foundation-extension/4-projects/business_unit_1/development/boa_gke.tf @@ -41,6 +41,7 @@ locals { } module "boa_gke_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/development/boa_ops.tf b/foundation-extension/4-projects/business_unit_1/development/boa_ops.tf index 8c37e26..9167e86 100644 --- a/foundation-extension/4-projects/business_unit_1/development/boa_ops.tf +++ b/foundation-extension/4-projects/business_unit_1/development/boa_ops.tf @@ -15,6 +15,7 @@ */ module "boa_ops_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/development/boa_secret.tf b/foundation-extension/4-projects/business_unit_1/development/boa_secret.tf index 522e9a4..eb4c72b 100644 --- a/foundation-extension/4-projects/business_unit_1/development/boa_secret.tf +++ b/foundation-extension/4-projects/business_unit_1/development/boa_secret.tf @@ -62,6 +62,7 @@ locals { } module "boa_secret_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/development/boa_sql.tf b/foundation-extension/4-projects/business_unit_1/development/boa_sql.tf index d7b3815..c3be72a 100644 --- a/foundation-extension/4-projects/business_unit_1/development/boa_sql.tf 
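Review bot: The added `# tflint-ignore: terraform_module_pinned_source` in `module "boa_gke_project"` silences the lint finding instead of fixing it: `source` still has no `?ref=`, so each `terraform init` resolves the upstream default branch. These modules are passed `impersonate_service_account` and `org_id`, so an unreviewed upstream change would run with whatever that service account is allowed to do. Prefer dropping the ignore and pinning, e.g. `source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project?ref=<RELEASE_TAG>"`, where `<RELEASE_TAG>` is a placeholder for a tested release. The same applies to every other `tflint-ignore` hunk in this commit (`boa_ops`, `boa_secret` and `boa_sql` in each environment, `app_cicd.tf`, and both modules in `infra_pipeline.tf`). The module blocks continue outside these hunks.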
+++ b/foundation-extension/4-projects/business_unit_1/development/boa_sql.tf @@ -15,6 +15,7 @@ */ module "boa_sql_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/development/providers.tf b/foundation-extension/4-projects/business_unit_1/development/providers.tf index c4b7e78..2ecc441 100644 --- a/foundation-extension/4-projects/business_unit_1/development/providers.tf +++ b/foundation-extension/4-projects/business_unit_1/development/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,6 @@ locals { tf_sa = var.terraform_service_account } -terraform { - required_version = ">= 0.13" -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/foundation-extension/4-projects/business_unit_1/development/version.tf b/foundation-extension/4-projects/business_unit_1/development/version.tf new file mode 100644 index 0000000..3f68a0c --- /dev/null +++ b/foundation-extension/4-projects/business_unit_1/development/version.tf 
@@ -0,0 +1,29 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + google-beta = { + source = "hashicorp/google" + version = "~> 4.0" + } + } +} diff --git a/foundation-extension/4-projects/business_unit_1/non-production/boa_gke.tf b/foundation-extension/4-projects/business_unit_1/non-production/boa_gke.tf index 2cbae5e..4e855eb 100644 --- a/foundation-extension/4-projects/business_unit_1/non-production/boa_gke.tf +++ b/foundation-extension/4-projects/business_unit_1/non-production/boa_gke.tf @@ -41,6 +41,7 @@ locals { } module "boa_gke_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/non-production/boa_ops.tf b/foundation-extension/4-projects/business_unit_1/non-production/boa_ops.tf index c2107dc..1e160a7 100644 --- a/foundation-extension/4-projects/business_unit_1/non-production/boa_ops.tf +++ b/foundation-extension/4-projects/business_unit_1/non-production/boa_ops.tf 
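Review bot: In `required_providers` of the new `development/version.tf`, the `google-beta` entry sets `source = "hashicorp/google"`, which binds the `google-beta` local name to the GA provider rather than the beta one. The line should read `source = "hashicorp/google-beta"`. The same entry is repeated in the non-production, production and shared `version.tf` files added by this commit.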
@@ -15,6 +15,7 @@ */ module "boa_ops_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/non-production/boa_secret.tf b/foundation-extension/4-projects/business_unit_1/non-production/boa_secret.tf index 6009dfa..f75b610 100644 --- a/foundation-extension/4-projects/business_unit_1/non-production/boa_secret.tf +++ b/foundation-extension/4-projects/business_unit_1/non-production/boa_secret.tf @@ -62,6 +62,7 @@ locals { } module "boa_secret_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/non-production/boa_sql.tf b/foundation-extension/4-projects/business_unit_1/non-production/boa_sql.tf index b0ba214..5fbb776 100644 --- a/foundation-extension/4-projects/business_unit_1/non-production/boa_sql.tf +++ b/foundation-extension/4-projects/business_unit_1/non-production/boa_sql.tf @@ -15,6 +15,7 @@ */ module "boa_sql_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/non-production/providers.tf b/foundation-extension/4-projects/business_unit_1/non-production/providers.tf index c4b7e78..2ecc441 100644 --- a/foundation-extension/4-projects/business_unit_1/non-production/providers.tf +++ b/foundation-extension/4-projects/business_unit_1/non-production/providers.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,6 @@ locals { tf_sa = var.terraform_service_account } -terraform { - required_version = ">= 0.13" -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/foundation-extension/4-projects/business_unit_1/non-production/version.tf b/foundation-extension/4-projects/business_unit_1/non-production/version.tf new file mode 100644 index 0000000..3f68a0c --- /dev/null +++ b/foundation-extension/4-projects/business_unit_1/non-production/version.tf @@ -0,0 +1,29 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + google-beta = { + source = "hashicorp/google" + version = "~> 4.0" + } + } +} diff --git a/foundation-extension/4-projects/business_unit_1/production/boa_gke.tf b/foundation-extension/4-projects/business_unit_1/production/boa_gke.tf index e792e7d..c6c2282 100644 --- a/foundation-extension/4-projects/business_unit_1/production/boa_gke.tf +++ b/foundation-extension/4-projects/business_unit_1/production/boa_gke.tf 
@@ -41,6 +41,7 @@ locals { } module "boa_gke_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/production/boa_ops.tf b/foundation-extension/4-projects/business_unit_1/production/boa_ops.tf index c504052..08bc9e5 100644 --- a/foundation-extension/4-projects/business_unit_1/production/boa_ops.tf +++ b/foundation-extension/4-projects/business_unit_1/production/boa_ops.tf @@ -15,6 +15,7 @@ */ module "boa_ops_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/production/boa_secret.tf b/foundation-extension/4-projects/business_unit_1/production/boa_secret.tf index 7e11d13..d3aa317 100644 --- a/foundation-extension/4-projects/business_unit_1/production/boa_secret.tf +++ b/foundation-extension/4-projects/business_unit_1/production/boa_secret.tf @@ -62,6 +62,7 @@ locals { } module "boa_secret_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/production/boa_sql.tf b/foundation-extension/4-projects/business_unit_1/production/boa_sql.tf index 35a045b..0114178 100644 --- a/foundation-extension/4-projects/business_unit_1/production/boa_sql.tf +++ b/foundation-extension/4-projects/business_unit_1/production/boa_sql.tf 
@@ -15,6 +15,7 @@ */ module "boa_sql_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/production/providers.tf b/foundation-extension/4-projects/business_unit_1/production/providers.tf index c4b7e78..2ecc441 100644 --- a/foundation-extension/4-projects/business_unit_1/production/providers.tf +++ b/foundation-extension/4-projects/business_unit_1/production/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,6 @@ locals { tf_sa = var.terraform_service_account } -terraform { - required_version = ">= 0.13" -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/foundation-extension/4-projects/business_unit_1/production/version.tf b/foundation-extension/4-projects/business_unit_1/production/version.tf new file mode 100644 index 0000000..3f68a0c --- /dev/null +++ b/foundation-extension/4-projects/business_unit_1/production/version.tf 
@@ -0,0 +1,29 @@ +/** + * Copyright 2023 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13" + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + google-beta = { + source = "hashicorp/google" + version = "~> 4.0" + } + } +} diff --git a/foundation-extension/4-projects/business_unit_1/shared/app_cicd.tf b/foundation-extension/4-projects/business_unit_1/shared/app_cicd.tf index d7132b0..f236e9e 100644 --- a/foundation-extension/4-projects/business_unit_1/shared/app_cicd.tf +++ b/foundation-extension/4-projects/business_unit_1/shared/app_cicd.tf @@ -34,6 +34,7 @@ locals { } module "app_cicd_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id diff --git a/foundation-extension/4-projects/business_unit_1/shared/infra_pipeline.tf b/foundation-extension/4-projects/business_unit_1/shared/infra_pipeline.tf index d2e14d0..7d59207 100644 --- a/foundation-extension/4-projects/business_unit_1/shared/infra_pipeline.tf +++ b/foundation-extension/4-projects/business_unit_1/shared/infra_pipeline.tf 
@@ -15,6 +15,7 @@ */ module "app_infra_cloudbuild_project" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/single_project" impersonate_service_account = var.terraform_service_account org_id = var.org_id @@ -43,6 +44,7 @@ module "app_infra_cloudbuild_project" { } module "infra_pipelines" { + # tflint-ignore: terraform_module_pinned_source source = "github.com/terraform-google-modules/terraform-example-foundation/4-projects/modules/infra_pipelines" impersonate_service_account = var.terraform_service_account cloudbuild_project_id = module.app_infra_cloudbuild_project.project_id diff --git a/foundation-extension/4-projects/business_unit_1/shared/providers.tf b/foundation-extension/4-projects/business_unit_1/shared/providers.tf index c4b7e78..2ecc441 100644 --- a/foundation-extension/4-projects/business_unit_1/shared/providers.tf +++ b/foundation-extension/4-projects/business_unit_1/shared/providers.tf @@ -1,5 +1,5 @@ /** - * Copyright 2021 Google LLC + * Copyright 2021-2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,10 +18,6 @@ locals { tf_sa = var.terraform_service_account } -terraform { - required_version = ">= 0.13" -} - /****************************************** Provider credential configuration *****************************************/ diff --git a/foundation-extension/4-projects/business_unit_1/shared/version.tf b/foundation-extension/4-projects/business_unit_1/shared/version.tf new file mode 100644 index 0000000..3f68a0c --- /dev/null +++ b/foundation-extension/4-projects/business_unit_1/shared/version.tf 
@@ -0,0 +1,29 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 4.0"
+ }
+ google-beta = {
+ source = "hashicorp/google"
+ version = "~> 4.0"
+ }
+ }
+}