feat: add network service tier setting (#640)
* feat: add network service tier setting

This allows users to configure the project default Network Service
Tier.

* run docker_generate_docs

* code review fixes

* re-generate docs

* terraform fmt

* add blank line
jawnsy authored Dec 1, 2021
1 parent dd9beb3 commit f5cce9e
Showing 17 changed files with 57 additions and 3 deletions.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -114,7 +114,7 @@ determining that location is as follows:
| auto\_create\_network | Create the default network | `bool` | `false` | no |
| billing\_account | The ID of the billing account to associate this project with | `string` | n/a | yes |
| bucket\_force\_destroy | Force the deletion of all objects within the GCS bucket when deleting the bucket (optional) | `bool` | `false` | no |
| bucket\_labels | A map of key/value label pairs to assign to the bucket (optional) | `map` | `{}` | no |
| bucket\_labels | A map of key/value label pairs to assign to the bucket (optional) | `map(string)` | `{}` | no |
| bucket\_location | The location for a GCS bucket to create (optional) | `string` | `"US"` | no |
| bucket\_name | A name for a GCS bucket to create (in the bucket\_project project), useful for Terraform state (optional) | `string` | `""` | no |
| bucket\_project | A project to create a GCS bucket (bucket\_name) in, useful for Terraform state (optional) | `string` | `""` | no |
Expand All @@ -127,6 +127,7 @@ determining that location is as follows:
| budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | `list(string)` | `[]` | no |
| consumer\_quotas | The quotas configuration you want to override for the project. | <pre>list(object({<br> service = string,<br> metric = string,<br> limit = string,<br> value = string,<br> }))</pre> | `[]` | no |
| create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
| default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
1 change: 1 addition & 0 deletions examples/gke_shared_vpc/README.md
Expand Up @@ -29,6 +29,7 @@ More information about GKE with Shared VPC can be found here: https://cloud.goog
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| billing\_account | billing account | `any` | n/a | yes |
| default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
| org\_id | organization id | `any` | n/a | yes |
| shared\_vpc | The ID of the host project which hosts the shared VPC | `any` | n/a | yes |
| shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT\_ID/regions/$REGION/subnetworks/$SUBNET\_ID) | `list(string)` | `[]` | no |
1 change: 1 addition & 0 deletions examples/gke_shared_vpc/main.tf
Expand Up @@ -23,4 +23,5 @@ module "project-factory" {
svpc_host_project_id = var.shared_vpc
activate_apis = ["compute.googleapis.com", "container.googleapis.com", "cloudbilling.googleapis.com"]
shared_vpc_subnets = var.shared_vpc_subnets
default_network_tier = var.default_network_tier
}
5 changes: 5 additions & 0 deletions examples/gke_shared_vpc/variables.tf
Expand Up @@ -32,3 +32,8 @@ variable "shared_vpc_subnets" {
default = []
}

variable "default_network_tier" {
description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers."
type = string
default = ""
}
1 change: 1 addition & 0 deletions examples/shared_vpc/README.md
Expand Up @@ -12,6 +12,7 @@ It then attaches two new service projects to the host project.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| billing\_account | The ID of the billing account to associate this project with | `any` | n/a | yes |
| default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
| folder\_id | The folder to create projects in | `any` | n/a | yes |
| host\_project\_name | Name for Shared VPC host project | `string` | `"shared-vpc-host"` | no |
| network\_name | Name for Shared VPC network | `string` | `"shared-network"` | no |
1 change: 1 addition & 0 deletions examples/shared_vpc/main.tf
Expand Up @@ -30,6 +30,7 @@ module "host-project" {
folder_id = var.folder_id
billing_account = var.billing_account
enable_shared_vpc_host_project = true
default_network_tier = var.default_network_tier
}

/******************************************
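Review bot: the new `default_network_tier = var.default_network_tier` argument is wired only into `module "host-project"`, yet the hunk context states that this example then attaches two service projects to the host; either pass the same variable into those service-project module blocks as well, or say in the example README that the tier setting applies to the host project only.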
6 changes: 6 additions & 0 deletions examples/shared_vpc/variables.tf
Expand Up @@ -40,3 +40,9 @@ variable "network_name" {
description = "Name for Shared VPC network"
default = "shared-network"
}

variable "default_network_tier" {
description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers."
type = string
default = ""
}
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -63,6 +63,7 @@ module "project-factory" {
disable_dependent_services = var.disable_dependent_services
vpc_service_control_attach_enabled = var.vpc_service_control_attach_enabled
vpc_service_control_perimeter_name = var.vpc_service_control_perimeter_name
default_network_tier = var.default_network_tier
}

/******************************************
9 changes: 9 additions & 0 deletions modules/core_project_factory/main.tf
Expand Up @@ -350,3 +350,12 @@ resource "google_project_service" "enable_access_context_manager" {
project = google_project.main.number
service = "accesscontextmanager.googleapis.com"
}

/******************************************
Configure default Network Service Tier
*****************************************/
resource "google_compute_project_default_network_tier" "default" {
count = var.default_network_tier != "" ? 1 : 0
project = google_project.main.number
network_tier = var.default_network_tier
}
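Review bot: the `count = var.default_network_tier != "" ? 1 : 0` gate only creates the resource when a tier is given, which satisfies the description's "If unset, the value will not be modified" on a first apply, but the hunk does not cover the other direction: when a caller later changes a set value back to `""`, Terraform removes the resource, and whether that reverts the project to its previous tier or leaves the last-applied tier in place is provider behaviour that the variable description (or a comment in this block) should state, since operators will read "unset" as "back to default". Also, this resource needs the Compute Engine API; if `compute.googleapis.com` is enabled by a `google_project_service` elsewhere in this module, add a `depends_on` on that resource so a first apply against a fresh project does not race the API enablement.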
8 changes: 7 additions & 1 deletion modules/core_project_factory/variables.tf
Expand Up @@ -165,7 +165,7 @@ variable "bucket_versioning" {

variable "bucket_labels" {
description = " A map of key/value label pairs to assign to the bucket (optional)"
type = map
type = map(string)
default = {}
}

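Review bot: while tightening `type = map` to `type = map(string)` here, also trim the leading space in `description = " A map of key/value label pairs to assign to the bucket (optional)"`, because the generated README row inherits it; the same applies to the mirrored `bucket_labels` hunk in the root `variables.tf`.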
Expand Down Expand Up @@ -227,3 +227,9 @@ variable "vpc_service_control_perimeter_name" {
type = string
default = null
}

variable "default_network_tier" {
description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers."
type = string
default = ""
}
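Review bot: `default_network_tier` is typed as a bare `string`, so a misspelt tier is only rejected by the API at apply time; add a `validation` block, for example `condition = contains(["", "PREMIUM", "STANDARD"], var.default_network_tier)`, covering the empty sentinel plus the two tiers the provider accepts, and name those values in the description, since the README tables in this commit are generated from it. Separately, the neighbouring `vpc_service_control_perimeter_name` variable uses `default = null` as its unset sentinel while this one uses `default = ""`; settling on one convention keeps the `count` checks in `main.tf` uniform.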
1 change: 1 addition & 0 deletions modules/gsuite_enabled/README.md
Expand Up @@ -72,6 +72,7 @@ The roles granted are specifically:
| consumer\_quotas | The quotas configuration you want to override for the project. | <pre>list(object({<br> service = string,<br> metric = string,<br> limit = string,<br> value = string,<br> }))</pre> | `[]` | no |
| create\_group | Whether to create the group or not | `bool` | `false` | no |
| create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
| default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
1 change: 1 addition & 0 deletions modules/gsuite_enabled/main.tf
Expand Up @@ -99,6 +99,7 @@ module "project-factory" {
disable_services_on_destroy = var.disable_services_on_destroy
default_service_account = var.default_service_account
disable_dependent_services = var.disable_dependent_services
default_network_tier = var.default_network_tier
}

/******************************************
6 changes: 6 additions & 0 deletions modules/gsuite_enabled/variables.tf
Expand Up @@ -220,3 +220,9 @@ variable "consumer_quotas" {
}))
default = []
}

variable "default_network_tier" {
description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers."
type = string
default = ""
}
1 change: 1 addition & 0 deletions modules/svpc_service_project/README.md
Expand Up @@ -44,6 +44,7 @@ module "service-project" {
| budget\_amount | The amount to use for a budget alert | `number` | `null` | no |
| budget\_monitoring\_notification\_channels | A list of monitoring notification channels in the form `[projects/{project_id}/notificationChannels/{channel_id}]`. A maximum of 5 channels are allowed. | `list(string)` | `[]` | no |
| create\_project\_sa | Whether the default service account for the project shall be created | `bool` | `true` | no |
| default\_network\_tier | Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers. | `string` | `""` | no |
| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | `string` | `"disable"` | no |
| disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | `bool` | `true` | no |
| disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | `bool` | `true` | no |
1 change: 1 addition & 0 deletions modules/svpc_service_project/main.tf
Expand Up @@ -57,6 +57,7 @@ module "project-factory" {
disable_services_on_destroy = var.disable_services_on_destroy
default_service_account = var.default_service_account
disable_dependent_services = var.disable_dependent_services
default_network_tier = var.default_network_tier
}

/******************************************
6 changes: 6 additions & 0 deletions modules/svpc_service_project/variables.tf
Expand Up @@ -221,3 +221,9 @@ variable "grant_services_network_role" {
type = bool
default = true
}

variable "default_network_tier" {
description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers."
type = string
default = ""
}
8 changes: 7 additions & 1 deletion variables.tf
Expand Up @@ -165,7 +165,7 @@ variable "bucket_versioning" {

variable "bucket_labels" {
description = " A map of key/value label pairs to assign to the bucket (optional)"
type = map
type = map(string)
default = {}
}

Expand Down Expand Up @@ -275,3 +275,9 @@ variable "consumer_quotas" {
}))
default = []
}

variable "default_network_tier" {
description = "Default Network Service Tier for resources created in this project. If unset, the value will not be modified. See https://cloud.google.com/network-tiers/docs/using-network-service-tiers and https://cloud.google.com/network-tiers."
type = string
default = ""
}
