diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b718a9c..ba7ef29 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ default_stages: [commit]
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.84.0
+ rev: v1.88.2
 hooks:
 - id: terraform_fmt
 - id: terraform_validate
@@ -12,7 +12,7 @@ repos:
 - id: terraform_tflint
 args:
 - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
- - id: terraform_tfsec
+ - id: terraform_trivy
 - id: terraform_checkov
 args:
 - --args=--quiet
@@ -20,7 +20,7 @@ repos:
 - id: tfupdate
 name: Autoupdate Terraform Google Provider
 args:
- - --args=provider google -v "~> 4.0"
+ - --args=provider google -v "~> 5.0"
 - repo: https://github.com/pre-commit/pre-commit-hooks
 rev: v4.5.0
 hooks:
diff --git a/.tflint.hcl b/.tflint.hcl
index 73a1fc9..6826a13 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -1,6 +1,6 @@
 plugin "google" {
 enabled = true
- version = "0.26.0"
+ version = "0.27.1"
 source = "github.com/terraform-linters/tflint-ruleset-google"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1fba2f7..4e09b9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
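Review bot: In the second `.pre-commit-config.yaml` hunk, `terraform_trivy` replaces `terraform_tfsec` with no `args`, unlike the `terraform_tflint` and `terraform_checkov` entries beside it, so the scanner runs with its defaults over the whole working tree. If module or example directories have been initialised, that likely includes downloaded code under `.terraform`; consider giving the hook an `args:` key with `- --args=--skip-dirs="**/.terraform"`. Any tfsec config file or inline `tfsec:ignore` suppressions in the repository (not visible in this diff) should be re-checked under Trivy so the swap does not change which findings are reported without anyone noticing. The `hooks:` list this entry belongs to starts and ends outside the hunk.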
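Review bot: The tfupdate constraint in the third hunk moves to `~> 5.0`, but the README Providers table regenerated in this same commit still lists `google` at `4.84.0`, which suggests the docs (and possibly the validation hooks) were run from a working directory still initialised against the v4 provider. Re-run `terraform init -upgrade` and regenerate the README so the recorded provider version satisfies the new constraint. The `args:` entry sits in a hook list that starts outside the hunk.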
@@ -1,4 +1,26 @@
-## 0.10.1 (Released)
+## 0.12.0 (Released)
+FEATURES:
+- Update to GCP Terraform Provider v5
+
+BUG FIXES:
+- VPC Submodule
+ - Proxy Subnet fix for change to GCP APIs related to IPv6
+ - GCP released a change and with v5 of the GCP Terraform Provider, the IPv6 parameter for Proxy Only Subnets is not suported/required.
+ - Subnet Names are now managed by the root module
+ - The previous behavior was causing the replacement of Subnets on any parameter change to the root module.
+- VPC Firewall Submodule
+ - Update to use VPC ID for attachment instead of dynamically identifying from the name.
+ - The previous behavior was causing the replacement of the VPC Firewall on any parameter change to the root module.
+
+BREAKING CHANGES:
+
+OTHER:
+- Change from tfsec to trivy for pre-commit
+- TFLint updated for GCP Ruleset
+- General updates/fixes for all tests in submodule examples for VPC Firewall and CloudStorage
+- pre-commit updates to the latest revisions
+
+## 0.11.0 (Released)
 FEATURES:
 - Bucket CORS Rules updates to support additional Anyscale UI functionality
diff --git a/README.md b/README.md
index fe708ee..c5bc0da 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,10 @@
 [![Build Status][badge-build]][build-status]
 [![Terraform Version][badge-terraform]](https://github.com/hashicorp/terraform/releases)
+[![OpenTofu Version][badge-opentofu]](https://github.com/opentofu/opentofu/releases)
 [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases)
 # Terraform Modules for Anyscale Cloud Foundations on Google
-[Terraform] modules to manage cloud infrastructure for Anyscale. This builds the foundational cloud resources needed to run Anyscale in a cloud environment. This module and sub-modules support Google Cloud.
+This repository's [Terraform] modules build the foundational cloud resources needed to run Anyscale in a cloud environment. This module and sub-modules support Google Cloud.
 **THIS IS PROVIDED AS A STARTING POINT**
@@ -11,31 +12,33 @@ ## Google Cloud Resources
-For deploying Anyscale on GCP, the minimum required resources are detailed in the [Anyscale GCP Deployment Guide](https://docs.anyscale.com/cloud-deployment/gcp/deploy-cloud). This can be used to build the resources to support Customer Defined Networking Clouds (diagrammed below) as well as a Direct Networking clouds.
+The [Anyscale GCP Deployment Guide](https://docs.anyscale.com/cloud-deployment/gcp/deploy-cloud) details the minimum required resources for deploying Anyscale on GCP. This module can be used to build the resources to support Customer Defined Networking Clouds (diagrammed below) and Direct Networking Clouds.
 Customer Defined Networking
-To streamline long-term management and to enable customization, we've modularized the resources into the following Terraform sub-modules:
+To streamline long-term management and enable customization, we've modularized the resources into the following Terraform sub-modules:
 * google-anyscale-cloudapis - This enables the Google Cloud APIs necessary for Anyscale to work
-* google-anyscale-cloudstorage - This builds a Cloud Storage bucket which is used by Anyscale to store cluster logs and shared resources.
-* google-anyscale-filestore - This builds a FileStore and mount points which is used by Anyscale Workspaces
-* google-anyscale-iam - This builds IAM roles and policies. One role for cross-account access from the Anyscale control plane, and one role for compute/clusters to use.
+* google-anyscale-cloudstorage - This builds a Cloud Storage bucket, which Anyscale uses to store cluster logs and shared resources.
+* google-anyscale-filestore - This builds a FileStore and mount points, which Workspaces use.
+* google-anyscale-iam - This builds IAM roles and policies. One role for cross-account access from the Anyscale Control Plane, and one for compute/clusters to use.
 * google-anyscale-project - This builds a base Google Project
-* google-anyscale-vpc - This builds a rudamentary Google VPC
+* google-anyscale-vpc - This builds a rudimentary Google VPC
 * google-anyscale-vpc-firewall - This builds the required Google VPC Firewall Policy
-* google-anyscale-memorystore - This (optional) module creates a Memorystore resource which is used for Anyscale Services Head Node High Availability. To use, make sure to properly set `enable_anyscale_memorystore`
+* google-anyscale-memorystore - This (optional) module creates a Memorystore resource used for Anyscale Services Head Node High Availability. To use, make sure to set `enable_anyscale_memorystore` properly.
+
+These sub-modules should only be called from the root module (current location).
 ### Customization
-These modules are designed with best practices in mind, ensuring a secure, efficient, and scalable Anyscale deployment on AWS.Each module is standalone, allowing you the flexibility to disable any you don't need. This is handy if you're looking to incorporate custom solutions for specific resources.
+These modules are designed with best practices in mind, ensuring a secure, efficient, and scalable Anyscale deployment on Google Cloud. Each submodule can be disabled, allowing easy incorporation of custom solutions for specific resources.
-If you choose to disable a module, the responsibility to create and manage that resource shifts to you. This flexibility is ideal if you have existing network setups (e.g., VPCs), or need tailored configurations for Buckets, IAM, Filestore, or other services. The Anyscale Terraform Modules are particularly useful for integrating Anyscale components with pre-existing infrastructure, ensuring a smooth blend between what you already have and what you need.
+If you choose to disable a module, creating and managing that resource shifts to you.
This flexibility is ideal if you have existing network setups (e.g., VPCs) or need tailored configurations for Buckets, IAM, Filestore, or other services. The Anyscale GCP Terraform Modules are particularly useful for integrating Anyscale components with pre-existing infrastructure, ensuring a smooth blend between what you already have and need.
 ### Examples
-The examples folder has a couple common use cases that have been tested. These include:
+The examples folder has several common use cases that have been tested. These include:
 * Anyscale v2
- * anyscale-v2: Build everything with minimal parameters
+ * anyscale-v2: Build everything with minimal parameters (primarily used for testing)
 * anyscale-v2-commonname: Build everything, use a common name for all resources
 * anyscale-v2-privatenetwork: Build everything but with a private network - includes Memorystore resources
 * anyscale-v2-existingproject: Build everything except the project
@@ -81,169 +84,178 @@ None ## Requirements -| Name | Version | -| ------------------------------------------------------------------------- | ------- | -| [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | -| [random](#requirement\_random) | ~> 3.0 | +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [google](#requirement\_google) | ~> 5.0 | +| [random](#requirement\_random) | ~> 3.0 | ## Providers -| Name | Version | -| ---------------------------------------------------------- | ------- | -| [google](#provider\_google) | 4.84.0 | -| [random](#provider\_random) | 3.6.0 | +| Name | Version | +|------|---------| +| [google](#provider\_google) | 4.84.0 | +| [random](#provider\_random) | 3.6.0 | ## Modules -| Name | Source | Version | -| ----------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | ------- | -| [google\_anyscale\_cloudapis](#module\_google\_anyscale\_cloudapis) | ./modules/google-anyscale-cloudapis | n/a | -| [google\_anyscale\_cloudstorage](#module\_google\_anyscale\_cloudstorage) | ./modules/google-anyscale-cloudstorage | n/a | -| [google\_anyscale\_filestore](#module\_google\_anyscale\_filestore) | ./modules/google-anyscale-filestore | n/a | -| [google\_anyscale\_iam](#module\_google\_anyscale\_iam) | ./modules/google-anyscale-iam | n/a | -| [google\_anyscale\_memorystore](#module\_google\_anyscale\_memorystore) | ./modules/google-anyscale-memorystore | n/a | -| [google\_anyscale\_project](#module\_google\_anyscale\_project) | ./modules/google-anyscale-project | n/a | -| [google\_anyscale\_vpc](#module\_google\_anyscale\_vpc) | ./modules/google-anyscale-vpc | n/a | -| [google\_anyscale\_vpc\_firewall\_policy](#module\_google\_anyscale\_vpc\_firewall\_policy) | ./modules/google-anyscale-vpc-firewall | n/a | +| Name | Source | Version | 
+|------|--------|---------| +| [google\_anyscale\_cloudapis](#module\_google\_anyscale\_cloudapis) | ./modules/google-anyscale-cloudapis | n/a | +| [google\_anyscale\_cloudstorage](#module\_google\_anyscale\_cloudstorage) | ./modules/google-anyscale-cloudstorage | n/a | +| [google\_anyscale\_filestore](#module\_google\_anyscale\_filestore) | ./modules/google-anyscale-filestore | n/a | +| [google\_anyscale\_iam](#module\_google\_anyscale\_iam) | ./modules/google-anyscale-iam | n/a | +| [google\_anyscale\_memorystore](#module\_google\_anyscale\_memorystore) | ./modules/google-anyscale-memorystore | n/a | +| [google\_anyscale\_project](#module\_google\_anyscale\_project) | ./modules/google-anyscale-project | n/a | +| [google\_anyscale\_vpc](#module\_google\_anyscale\_vpc) | ./modules/google-anyscale-vpc | n/a | +| [google\_anyscale\_vpc\_firewall\_policy](#module\_google\_anyscale\_vpc\_firewall\_policy) | ./modules/google-anyscale-vpc-firewall | n/a | ## Resources -| Name | Type | -| ----------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | -| [random_id.common_name](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | -| [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | +| Name | Type | +|------|------| +| [random_id.common_name](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | +| [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source | | [google_compute_subnetwork.existing_vpc_subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_subnetwork) | data source | -| 
[google_compute_subnetwork.shared_vpc_subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_subnetwork) | data source | +| [google_compute_subnetwork.shared_vpc_subnet](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_subnetwork) | data source | ## Inputs -| Name | Description | Type | Default | Required | -| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | -| [allow\_ssh\_from\_google\_ui](#input\_allow\_ssh\_from\_google\_ui) | (Optional) Determines if SSH access is allowed from the Google UI.

ex:
allow_ssh_from_google_ui = true
| `bool` | `true` | no | -| [anyscale\_access\_role\_description](#input\_anyscale\_access\_role\_description) | (Optional) The description of the Anyscale IAM access role.

ex:
anyscale_access_role_description = "Anyscale Cross Account Access"
| `string` | `"Anyscale Cross Account Access Role"` | no | -| [anyscale\_bucket\_cors\_rules](#input\_anyscale\_bucket\_cors\_rules) | (Optional) List of CORS rules to configure.

Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#cors except max\_age\_seconds should be a number.

ex:
anyscale_bucket_cors_rules = [
{
origins = ["https://*.anyscale.com"]
methods = ["GET", "HEAD, "PUT", "POST", "DELETE"]
response_headers = ["*"]
max_age_seconds = 3600
}
]
|
set(object({
# Object with keys:
# - origins - (Required) List of values, with wildcards, of the Origin header in the request that an incoming OPTIONS request will be matched against.
# - methods - (Required) Lilst of values, with wildcards, of the Access-Control-Request-Method header in the request that an incoming OPTIONS request will be matched against.
# - response_headers - (Required) List of values, with wildcards, of the Access-Control-Request-Headers header in the request that an incoming OPTIONS request will be matched against.
# - max_age_seconds - (Optional) The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.
origins = list(string)
methods = list(string)
response_headers = list(string)
max_age_seconds = number
}))
|
[
{
"max_age_seconds": 3600,
"methods": [
"GET",
"POST",
"PUT",
"HEAD",
"DELETE"
],
"origins": [
"https://*.anyscale.com"
],
"response_headers": [
"*"
]
}
]
| no | -| [anyscale\_bucket\_lifecycle\_rules](#input\_anyscale\_bucket\_lifecycle\_rules) | (Optional) List of lifecycle rules to configure.

Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches\_storage\_class should be a comma delimited string.

ex:
anyscale_bucket_lifecycle_rules = [
{
action = {
type = "Delete"
storage_class = "MULTI_REGIONAL"
}
condition = {
age = 30
}
}
]
|
set(object({
# Object with keys:
# - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
# - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
action = map(string)

# Object with keys:
# - age - (Optional) Minimum age of an object in days to satisfy this condition.
# - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
# - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
# - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
# - matches_prefix - (Optional) One or more matching name prefixes to satisfy this condition.
# - matches_suffix - (Optional) One or more matching name suffixes to satisfy this condition.
# - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
# - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.
# - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
# - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.
# - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.
condition = map(string)
}))
| `[]` | no | -| [anyscale\_bucket\_location](#input\_anyscale\_bucket\_location) | (Optional) The location of the bucket.

ex:
anyscale_bucket_location = "US"
| `string` | `"US"` | no | -| [anyscale\_bucket\_name](#input\_anyscale\_bucket\_name) | (Optional - forces new resource) Cloudstorage bucket name.

The name of the bucket used to store Anyscale related logs and other shared resources.
- If left `null`, will default to `anyscale_bucket_prefix`.
- If provided, overrides the `anyscale_bucket_prefix` variable.

ex:
anyscale_bucket_name = "anyscale-bucket"
| `string` | `null` | no | -| [anyscale\_bucket\_prefix](#input\_anyscale\_bucket\_prefix) | (Optional - forces new resource) Cloudstorage bucket name prefix.

Creates a unique bucket name beginning with the specified prefix.
- If `anyscale_bucket_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-` in a local variable.

ex:
anyscale_bucket_prefix = "anyscale-bucket-"
| `string` | `null` | no | -| [anyscale\_bucket\_storage\_class](#input\_anyscale\_bucket\_storage\_class) | (Optional) Bucket storage class.

Must be one of: STANDARD, MULTI\_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE

ex:
anyscale_bucket_storage_class = "STANDARD"
| `string` | `"STANDARD"` | no | -| [anyscale\_cloud\_id](#input\_anyscale\_cloud\_id) | (Optional) Anyscale Cloud ID.

This is the ID of the Anyscale Cloud. This is not the same as the GCP Project ID. Used in labels.

ex:
anyscale_cloud_id = "cld_1234567890"
| `string` | `null` | no | -| [anyscale\_cluster\_node\_service\_acct\_description](#input\_anyscale\_cluster\_node\_service\_acct\_description) | (Optional) The description of the IAM role that will be created for Anyscale access.

ex:
anyscale_cluster_node_service_acct_description = "Anyscale Cluster Node"
| `string` | `null` | no | -| [anyscale\_cluster\_node\_service\_acct\_name](#input\_anyscale\_cluster\_node\_service\_acct\_name) | (Optional - forces new resource) IAM Cluster Node Role Name

The name of the IAM role that will be created for Anyscale cluster nodes.
- If left `null`, will default to anyscale\_cluster\_node\_service\_acct\_name\_prefix.
- If provided, overrides the anyscale\_cluster\_node\_service\_acct\_name\_prefix variable.
- It needs to be > 4 chars and < 28 chars.

ex:
anyscale_cluster_node_service_acct_name = "anyscale-cluster-node"
| `string` | `null` | no | -| [anyscale\_cluster\_node\_service\_acct\_name\_prefix](#input\_anyscale\_cluster\_node\_service\_acct\_name\_prefix) | (Optional - forces new resource) IAM Cluster Node Role Name Prefix

Creates a unique IAM role name beginning with the specified prefix.
- If `anyscale_cluster_node_service_acct_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-cluster-` in a local variable.
- It needs to be > 4 chars and < 20 chars.

ex:
anyscale_cluster_node_service_acct_name_prefix = "anyscale-cluster-"
| `string` | `null` | no | -| [anyscale\_deploy\_env](#input\_anyscale\_deploy\_env) | (Optional) Anyscale deploy environment.

Used in resource names and tags.

ex:
anyscale_deploy_env = "production"
| `string` | `"production"` | no | -| [anyscale\_filestore\_capacity\_gb](#input\_anyscale\_filestore\_capacity\_gb) | (Optional) The capacity of the fileshare in GB.
This must be at least 1024 GiB for the standard or enterprise tiers, or 2560 GiB for the premium tier.
Default is `1024`. | `number` | `1024` | no | -| [anyscale\_filestore\_description](#input\_anyscale\_filestore\_description) | (Optional) The description of the filestore instance.

ex:
anyscale_filestore_description = "Anyscale Filestore Instance"
| `string` | `"Anyscale Filestore Instance"` | no | -| [anyscale\_filestore\_fileshare\_name](#input\_anyscale\_filestore\_fileshare\_name) | (Optional - forces new resource) Filestore fileshare name.

The name of the fileshare to create.
- If left `null`, will default to `common_name`.
- If `common_name` is null or over 16 chars, will default to `anyscale`.
- Must start with a letter, followed by letters, numbers, or underscores, and cannot end with an underscore.
- Can not be longer than 16 characters.

ex:
anyscale_filestore_fileshare_name = "anyscale-fileshare"
| `string` | `null` | no | -| [anyscale\_filestore\_labels](#input\_anyscale\_filestore\_labels) | (Optional) Filestore Labels

A map of labels to be added to the Filestore instance.
Duplicate labels in `labels` will be overwritten by labels in `anyscale_filestore_labels`.

ex:
anyscale_filestore_labels = {
application = "Anyscale",
environment = "prod"
}
| `map(string)` | `{}` | no | -| [anyscale\_filestore\_location](#input\_anyscale\_filestore\_location) | (Optional) The name of the location region in which the filestore resource will be created.

This can be a region for `ENTERPRISE` tier instances.
If it is not provided, the region for the VPC network will be used
If a VPC network was not created, provider region is used.

ex:
anyscale_filestore_location = "us-central1"
| `string` | `null` | no | -| [anyscale\_filestore\_name](#input\_anyscale\_filestore\_name) | (Optional - forces new resource) Filestore instance name.

The name of the filestore instance used to store Anyscale related logs and other shared resources.
- If left `null`, will default to `anyscale_filestore_name_prefix`.
- If provided, overrides the `anyscale_filestore_name_prefix` variable.

ex:
anyscale_filestore_name = "anyscale-filestore"
| `string` | `null` | no | -| [anyscale\_filestore\_name\_prefix](#input\_anyscale\_filestore\_name\_prefix) | (Optional - forces new resource) Filestore instance name prefix.

Creates a unique filestore instance name beginning with the specified prefix.
- If `anyscale_filestore_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-` in a local variable.

ex:
anyscale_filestore_name_prefix = "anyscale-filestore-"
| `string` | `null` | no | -| [anyscale\_filestore\_network\_conect\_mode](#input\_anyscale\_filestore\_network\_conect\_mode) | (Optional) The network connect mode of the filestore instance.

Must be one of `DIRECT_PEERING` or `PRIVATE_SERVICE_ACCESS`. If using a Shared VPC, this must be set to `PRIVATE_SERVICE_ACCESS`.

ex:
anyscale_filestore_network_conect_mode = "DIRECT_PEERING"
| `string` | `"DIRECT_PEERING"` | no | -| [anyscale\_filestore\_tier](#input\_anyscale\_filestore\_tier) | (Optional) The tier of the filestore to create.

Must be one of `STANDARD`, `BASIC_HDD`, `BASIC_SSD`, `HIGH_SCALE_SSD`, `ENTERPRISE` or `PREMIUM`.

ex:
anyscale_filestore_tier = "STANDARD"
| `string` | `"STANDARD"` | no | -| [anyscale\_iam\_access\_role\_id](#input\_anyscale\_iam\_access\_role\_id) | (Optional, forces creation of new resource) The ID of the Anyscale IAM access role.

Overrides `anyscale_iam_access_role_id_prefix`.

ex:
anyscale_iam_access_role_id = "anyscale_access_role"
| `string` | `null` | no | -| [anyscale\_iam\_access\_role\_id\_prefix](#input\_anyscale\_iam\_access\_role\_id\_prefix) | (Optional, forces creation of new resource) The prefix of the Anyscale IAM access role.

If `anyscale_iam_access_role_id` is provided, it will override this variable.
If set to `null`, the prefix will be set to \"anyscale\_\" in a local variable.

ex:
anyscale_iam_access_role_id_prefix = "anyscale_crossacct_role_"
| `string` | `"anyscale_crossacct_role_"` | no | -| [anyscale\_iam\_access\_service\_acct\_description](#input\_anyscale\_iam\_access\_service\_acct\_description) | (Optional) The description of the IAM role that will be created for Anyscale access.

ex:
anyscale_iam_access_service_acct_description = "Anyscale Cross Account Access"
| `string` | `null` | no | -| [anyscale\_iam\_access\_service\_acct\_name](#input\_anyscale\_iam\_access\_service\_acct\_name) | (Optional - forces new resource) IAM Access Service Account Name

The name of the IAM role that will be created for Anyscale access.
- If left `null`, will default to `anyscale_iam_access_service_acct_name_prefix`.
- If provided, overrides the `anyscale_iam_access_service_acct_name_prefix` variable.
- It needs to be > 4 chars and < 28 chars.

ex:
anyscale_iam_access_service_acct_name = "anyscale-crossacct-access"
| `string` | `null` | no | -| [anyscale\_iam\_access\_service\_acct\_name\_prefix](#input\_anyscale\_iam\_access\_service\_acct\_name\_prefix) | (Optional - forces new resource) IAM Access Role Name Prefix

Creates a unique IAM Service Account name beginning with the specified prefix.
- If `anyscale_iam_access_service_acct_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-crossacct-` in a local variable.
- It needs to be > 4 chars and < 20 chars.

ex:
anyscale_iam_access_service_acct_name_prefix = "anyscale-crossacct-"
| `string` | `null` | no | -| [anyscale\_memorystore\_display\_name](#input\_anyscale\_memorystore\_display\_name) | (Optional) Memorystore Display Name

The display name of the Memorystore instance used for Anyscale Services Head Node HA.
Must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens, and cannot end with a hyphen.

ex:
anyscale_memorystore_display_name = "Anyscale Memorystore"
| `string` | `null` | no | -| [anyscale\_memorystore\_labels](#input\_anyscale\_memorystore\_labels) | (Optional) Memorystore Labels

A map of labels to be added to the Memorystore instance.
Duplicate labels in `labels` will be overwritten by labels in `anyscale_memorystore_labels`.

ex:
anyscale_memorystore_labels = {
application = "Anyscale",
environment = "prod"
}
| `map(string)` | `{}` | no | -| [anyscale\_memorystore\_name](#input\_anyscale\_memorystore\_name) | (Optional - forces new resource) Memorystore Name

The name of the Memorystore instance used for Anyscale Services Head Node HA.

If left `null`, will default to `anyscale_memorystore_name_prefix`.
If provided, overrides the `anyscale_memorystore_name_prefix` variable.

ex:
anyscale_memorystore_name = "anyscale-memorystore"
| `string` | `null` | no | -| [anyscale\_memorystore\_name\_prefix](#input\_anyscale\_memorystore\_name\_prefix) | (Optional - forces new resource) Memorystore Name Prefix

Creates a unique Memorystore instance name beginning with the specified prefix.
If `anyscale_memorystore_name` is provided, it will override this variable.

Because it is the prefix, it can end in a hyphen as it will have a random suffix appended to it.
The variable `general_prefix` is a fall-back prefix if this is not provided.

ex:
anyscale_memorystore_name_prefix = "anyscale-memorystore"
| `string` | `null` | no | -| [anyscale\_organization\_id](#input\_anyscale\_organization\_id) | (Required) Anyscale Organization ID.
This is the ID of the Anyscale Organization. This is not the same as the GCP Organization ID.
The Organization ID will be used to lock down the cross account access from Anyscale.
You can find the Anyscale Organization ID by going to the Anyscale UI while logged in as an Organization Owner,
and clicking on you're username, then clicking on Organization.
This is required. | `string` | n/a | yes | -| [anyscale\_project\_billing\_account](#input\_anyscale\_project\_billing\_account) | (Optional) Google Billing Account ID.

This is required if creating a new project.

ex:
anyscale_project_billing_account = "123456-123456-123456"
| `string` | `null` | no | -| [anyscale\_project\_folder\_id](#input\_anyscale\_project\_folder\_id) | (Optional) The ID of a Google Cloud Folder.

Conflicts with `anyscale_project_organization_id`. If `anyscale_project_folder_id` is provided, it will be used and `anyscale_project_organization_id` will be ignored.

Changing this forces the project to be migrated to the newly specified folder.

ex:
anyscale_project_folder_id = "1234567890"
| `string` | `null` | no | -| [anyscale\_project\_labels](#input\_anyscale\_project\_labels) | (Optional) Project labels.

A map of labels to be added to the Anyscale Project.

ex:
anyscale_project_labels = {
application = "Anyscale",
environment = "prod"
}
Default is an empty map. | `map(string)` | `{}` | no | -| [anyscale\_project\_name](#input\_anyscale\_project\_name) | (Optional) Google Project name.

Google Project Name to create.

ex:
anyscale_project_name = "anyscale-project"
| `string` | `null` | no | -| [anyscale\_project\_name\_prefix](#input\_anyscale\_project\_name\_prefix) | (Optional) The name prefix for the project.

If `anyscale_project_name` is provided, it will override this variable.
The variable `general_prefix` is a fall-back prefix if this is not provided.

Default is `null` but is set to `anyscale-project-` in a local variable.

ex:
anyscale_project_name_prefix = "anyscale-project-"
| `string` | `null` | no | -| [anyscale\_project\_organization\_id](#input\_anyscale\_project\_organization\_id) | (Optional) Google Cloud Organization ID.

Conflicts with `anyscale_project_folder_id`. If `anyscale_project_folder_id` is provided, it will be used and `organization_id` will be ignored.

Changing this forces the project to be migrated to the newly specified organization.

ex:
anyscale_project_organization_id = "1234567890"
| `string` | `null` | no | -| [anyscale\_vpc\_create\_natgw](#input\_anyscale\_vpc\_create\_natgw) | (Optional) Determines if a NAT Gateway is created.

`anyscale_vpc_private_subnet_cidr` must also be specified for this resource to be created.

ex:
anyscale_vpc_create_natgw = true
| `bool` | `true` | no | -| [anyscale\_vpc\_description](#input\_anyscale\_vpc\_description) | (Optional) The description of the VPC.

ex:
anyscale_vpc_description = "Anyscale VPC"
| `string` | `"VPC for Anyscale Resources"` | no | -| [anyscale\_vpc\_firewall\_allow\_access\_from\_cidrs](#input\_anyscale\_vpc\_firewall\_allow\_access\_from\_cidrs) | (Required) Comma delimited string of IPv4 CIDRs

CIDR ranges to allow access to Anyscale resources. This should be the list of CIDR ranges that have access to the clusters. Public or private IPs are supported.
SSH and HTTPs ports will be opened to these CIDR ranges.

ex:
anyscale_vpc_firewall_allow_access_from_cidrs = "10.0.1.0/24,24.1.24.24/32"
| `string` | n/a | yes | -| [anyscale\_vpc\_firewall\_policy\_description](#input\_anyscale\_vpc\_firewall\_policy\_description) | (Optional) The description of the Anyscale VPC Firewall Policy.

ex:
anyscale_vpc_firewall_policy_description = "Anyscale VPC Firewall Policy"
| `string` | `"Anyscale VPC Firewall Policy"` | no | -| [anyscale\_vpc\_firewall\_policy\_name](#input\_anyscale\_vpc\_firewall\_policy\_name) | (Optional) The name of the Anyscale VPC Firewall Policy.

ex:
anyscale_vpc_firewall_policy_name = "anyscale-vpc-firewall-policy"
| `string` | `null` | no | -| [anyscale\_vpc\_name](#input\_anyscale\_vpc\_name) | (Optional) VPC name.

The name of the VPC to create.
- If left `null`, will default to `anyscale_vpc_name_prefix`.
- If provided, overrides the `anyscale_vpc_name_prefix` variable.

ex:
anyscale_vpc_name = "anyscale-vpc"
| `string` | `null` | no | -| [anyscale\_vpc\_name\_prefix](#input\_anyscale\_vpc\_name\_prefix) | (Optional) The prefix of the VPC name.

Creates a unique VPC name beginning with the specified prefix.
- If `anyscale_vpc_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-vpc-` in a local variable.

ex:
anyscale_vpc_name_prefix = "anyscale-vpc-"
| `string` | `null` | no | -| [anyscale\_vpc\_private\_subnet\_cidr](#input\_anyscale\_vpc\_private\_subnet\_cidr) | (Optional) The private subnet to create.

Anyscale recommends a /20 or larger CIDR block, but will accept a /24 or larger with a warning. The Anyscale VPC module will only create one private subnet in one region.

ex:
anyscale_vpc_private_subnet_cidr = "10.100.0.0/20"
| `string` | `null` | no | -| [anyscale\_vpc\_proxy\_subnet\_cidr](#input\_anyscale\_vpc\_proxy\_subnet\_cidr) | (Optional) The proxy subnet to create.

Anyscale recommends a /22 or larger CIDR block. The Anyscale VPC module will only create one proxy subnet in one region.
Anyscale uses Proxy Subnets for the load balancer as part of Anyscale Services.

ex:
anyscale_vpc_proxy_subnet_cidr = "10.100.0.0/20"
| `string` | `null` | no | -| [anyscale\_vpc\_public\_subnet\_cidr](#input\_anyscale\_vpc\_public\_subnet\_cidr) | (Optional) The public subnet to create.

This VPC terraform will only create one public subnet in one region.

ex:
anyscale_vpc_public_subnet_cidr = "10.100.0.0/20"
| `string` | `null` | no | -| [anyscale\_workload\_identity\_account\_id](#input\_anyscale\_workload\_identity\_account\_id) | (Optional) The AWS Account ID for Anyscale. Only use this if you are instructed to do so.

This will override the sub-module variable: `anyscale_aws_account_id`

ex:
anyscale_workload_identity_account_id = "123456789012"
| `string` | `null` | no | -| [anyscale\_workload\_identity\_pool\_description](#input\_anyscale\_workload\_identity\_pool\_description) | (Optional) The description of the workload identity pool.

ex:
anyscale_workload_identity_pool_description = "Used to provide Anyscale access from AWS."
| `string` | `"Used to provide Anyscale access from AWS."` | no | -| [anyscale\_workload\_identity\_pool\_display\_name](#input\_anyscale\_workload\_identity\_pool\_display\_name) | (Optional) The display name of the workload identity pool.

Must be less than or equal to 32 chars.

ex:
anyscale_workload_identity_pool_display_name = "Anyscale Cross Account Access"
| `string` | `"Anyscale Cross Account Access"` | no | -| [anyscale\_workload\_identity\_pool\_name](#input\_anyscale\_workload\_identity\_pool\_name) | (Optional) The name of the workload identity pool.

If it is not provided, the Anyscale Access role name is used.

ex:
anyscale_workload_identity_pool_name = "anyscale-identitypool-access"
| `string` | `null` | no | -| [anyscale\_workload\_identity\_pool\_provider\_name](#input\_anyscale\_workload\_identity\_pool\_provider\_name) | (Optional) The name of the workload identity pool provider.

If it is not provided, the Anyscale Access role name is used.

ex:
anyscale_workload_identity_pool_provider_name = "anyscale-identitypool-access"
| `string` | `null` | no | -| [bucket\_iam\_binding\_override\_roles](#input\_bucket\_iam\_binding\_override\_roles) | (Optional) List of roles to grant to the Anyscale Service Accounts.

This allows you to override the defaults in the `google-anyscale-cloudstorage` module.

Default is an empty list but will be populated with the following roles via the module: ["roles/storage.objectAdmin", "roles/storage.legacyBucketReader"]

ex:
bucket_iam_binding_override_roles = ["roles/storage.objectAdmin"]
| `list(string)` | `[]` | no | -| [common\_prefix](#input\_common\_prefix) | (Optional) Common Prefix for all resources.

A common prefix to add to resources created (where prefixes are allowed).
If paired with `use_common_name`, this will apply to all resources.
If this is not paired with `use_common_name`, this applies to:
- CloudStorage Buckets
- IAM Resources
- Security Groups
Resource specific prefixes override this variable.
Max length is 30 characters.

ex:
common_prefix = "anyscale-"
| `string` | `null` | no | -| [enable\_anyscale\_filestore](#input\_enable\_anyscale\_filestore) | (Optional) Determines if the Anyscale Filestore is created.

ex:
enable_anyscale_filestore = true
| `bool` | `true` | no | -| [enable\_anyscale\_gcs](#input\_enable\_anyscale\_gcs) | (Optional) Determines if the Anyscale Cloud Storage bucket is created.

ex:
enable_anyscale_gcs = true
| `bool` | `true` | no | -| [enable\_anyscale\_iam](#input\_enable\_anyscale\_iam) | (Optional) Determines if the Anyscale IAM resources are created.

ex:
enable_anyscale_iam = true
| `bool` | `true` | no | -| [enable\_anyscale\_memorystore](#input\_enable\_anyscale\_memorystore) | (Optional) Determines if the Anyscale Memorystore is created.

ex:
enable_anyscale_memorystore = true
| `bool` | `false` | no | -| [enable\_anyscale\_vpc\_firewall](#input\_enable\_anyscale\_vpc\_firewall) | (Optional) Determines if the Anyscale VPC Firewall is created.

ex:
enable_anyscale_vpc_firewall = true
| `bool` | `true` | no | -| [enable\_cloud\_logging\_monitoring](#input\_enable\_cloud\_logging\_monitoring) | (Optional) Determines if the Google Cloud Logging and Monitoring APIs are enabled.

If this is set to `true`, the following APIs will be enabled:
- logging.googleapis.com
- monitoring.googleapis.com

Additionally, the Anyscale Cluster Role will be granted access to the following roles:
- logging.logWriter
- monitoring.metricWriter
- monitoring.viewer

ex:
enable_cloud_logging_monitoring = true
| `bool` | `false` | no | -| [enable\_google\_apis](#input\_enable\_google\_apis) | (Optional) Determines if the required Google APIs are enabled.

ex:
enable_google_apis = true
| `bool` | `true` | no | -| [existing\_cloudstorage\_bucket\_name](#input\_existing\_cloudstorage\_bucket\_name) | (Optional) Existing Cloud Storage Bucket Name.

The name of an existing Cloud Storage bucket that you'd like to use. Please make sure that it meets the minimum requirements for Anyscale including:
- Bucket Policy
- CORS Policy
- Encryption configuration

If provided, this will skip creating a new Cloud Storage bucket with the Anyscale Cloud Storage module.

ex:
existing_cloudstorage_bucket_name = "anyscale-bucket"
| `string` | `null` | no | -| [existing\_filestore\_instance\_name](#input\_existing\_filestore\_instance\_name) | (Optional) Existing Filestore Instance Name.

The name of an existing Filestore instance that you'd like to use.
If provided, this will skip creating a new Filestore instance with the Anyscale Filestore module.

ex:
existing_filestore_instance_name = "anyscale-filestore"
| `string` | `null` | no | -| [existing\_memorystore\_instance\_name](#input\_existing\_memorystore\_instance\_name) | (Optional) The name of an existing Memorystore instance.

If this is provided, the Anyscale Memorystore module will skip creating a new Memorystore instance.

ex:
existing_memorystore_instance_name = "anyscale-memorystore"
| `string` | `null` | no | -| [existing\_project\_id](#input\_existing\_project\_id) | (Optional) An existing GCP Project ID.

If provided, this will skip creating resources with the Anyscale Project module.

ex:
existing_project_id = "my-project-id"
| `string` | `null` | no | -| [existing\_vpc\_name](#input\_existing\_vpc\_name) | (Optional) An existing VPC Name.

If provided, this module will skip creating a new VPC with the Anyscale VPC module.
An existing VPC Subnet Name (`existing_vpc_subnet_name`) is also required if this is provided.

ex:
existing_vpc_name = "anyscale-vpc"
| `string` | `null` | no | -| [existing\_vpc\_subnet\_name](#input\_existing\_vpc\_subnet\_name) | (Optional) Existing subnet name to create Anyscale resources in.

If provided, this will skip creating resources with the Anyscale VPC module.
An existing VPC Name (`existing_vpc_name`) is also required if this is provided.

ex:
existing_vpc_subnet_name = "anyscale-subnet"
| `string` | `null` | no | -| [existing\_workload\_identity\_provider\_name](#input\_existing\_workload\_identity\_provider\_name) | (Optional) The name of an existing workload identity provider to use.

If provided, will skip creating the workload identity pool and provider. The Workload Identity Provider can be in a different project.

You can retrieve the name of an existing Workload Identity Provider by running the following command:
gcloud iam workload-identity-pools providers list --location global --workload-identity-pool anyscale-access-pool
ex:
existing_workload_identity_provider_name = "projects/1234567890/locations/global/workloadIdentityPools/anyscale-access-pool/providers/anyscale-access-provider"
| `string` | `null` | no | -| [labels](#input\_labels) | (Optional) A map of labels.

Labels to be added to all resources that accept labels.
Resource dependent labels will be appended to this list.

ex:
labels = {
application = "Anyscale",
environment = "prod"
}
Default is an empty map. | `map(string)` | `{}` | no | -| [random\_char\_length](#input\_random\_char\_length) | (Optional) Random suffix character length

Determines the random suffix length that is used to generate a common name.

Certain Google resources have a hard limit on name lengths and this will allow
the ability to control how many characters are added as a suffix.
Many Google resources have a limit of 28 characters in length.
Keep that in mind while setting this value.
Must be >= 2 and <= 12.

ex:
random_char_length = 4
| `number` | `4` | no | -| [shared\_vpc\_project\_id](#input\_shared\_vpc\_project\_id) | (Optional) The ID of the project that hosts the shared VPC.

If provided, this will set the Project ID to the Shared VPC for the `google-anyscale-vpc-firewall` submodule.
An existing VPC Name (`existing_vpc_name`) and VPC Subnet Name (`existing_vpc_subnet_name`) are also required if this is provided.

ex:
shared_vpc_project_id = "anyscale-sharedvpc"
| `string` | `null` | no | -| [use\_common\_name](#input\_use\_common\_name) | (Optional) Determines if a standard name should be used across all resources.

- If set to true and `common_prefix` is also provided, the `common_prefix` will be used and prefixed to a common name.
- If set to true and `common_prefix` is not provided, the prefix will be `anyscale-`
- If set to true, this will also use a random suffix to avoid name collisions.

ex:
use_common_name = true
| `bool` | `false` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [allow\_ssh\_from\_google\_ui](#input\_allow\_ssh\_from\_google\_ui) | (Optional) Determines if SSH access is allowed from the Google UI.

ex:
allow_ssh_from_google_ui = true
| `bool` | `true` | no | +| [anyscale\_access\_role\_description](#input\_anyscale\_access\_role\_description) | (Optional) The description of the Anyscale IAM access role.

ex:
anyscale_access_role_description = "Anyscale Cross Account Access"
| `string` | `"Anyscale Cross Account Access Role"` | no | +| [anyscale\_bucket\_cors\_rules](#input\_anyscale\_bucket\_cors\_rules) | (Optional) List of CORS rules to configure.

Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#cors except max\_age\_seconds should be a number.

ex:
anyscale_bucket_cors_rules = [
{
origins = ["https://*.anyscale.com"]
methods = ["GET", "HEAD, "PUT", "POST", "DELETE"]
response_headers = ["*"]
max_age_seconds = 3600
}
]
|
set(object({
# Object with keys:
# - origins - (Required) List of values, with wildcards, of the Origin header in the request that an incoming OPTIONS request will be matched against.
# - methods - (Required) Lilst of values, with wildcards, of the Access-Control-Request-Method header in the request that an incoming OPTIONS request will be matched against.
# - response_headers - (Required) List of values, with wildcards, of the Access-Control-Request-Headers header in the request that an incoming OPTIONS request will be matched against.
# - max_age_seconds - (Optional) The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.
origins = list(string)
methods = list(string)
response_headers = list(string)
max_age_seconds = number
}))
|
[
{
"max_age_seconds": 3600,
"methods": [
"GET",
"POST",
"PUT",
"HEAD",
"DELETE"
],
"origins": [
"https://*.anyscale.com"
],
"response_headers": [
"*"
]
}
]
| no | +| [anyscale\_bucket\_lifecycle\_rules](#input\_anyscale\_bucket\_lifecycle\_rules) | (Optional) List of lifecycle rules to configure.

Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches\_storage\_class should be a comma delimited string.

ex:
anyscale_bucket_lifecycle_rules = [
{
action = {
type = "Delete"
storage_class = "MULTI_REGIONAL"
}
condition = {
age = 30
}
}
]
|
set(object({
# Object with keys:
# - type - The type of the action of this Lifecycle Rule. Supported values: Delete and SetStorageClass.
# - storage_class - (Required if action type is SetStorageClass) The target Storage Class of objects affected by this Lifecycle Rule.
action = map(string)

# Object with keys:
# - age - (Optional) Minimum age of an object in days to satisfy this condition.
# - created_before - (Optional) Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.
# - with_state - (Optional) Match to live and/or archived objects. Supported values include: "LIVE", "ARCHIVED", "ANY".
# - matches_storage_class - (Optional) Comma delimited string for storage class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, DURABLE_REDUCED_AVAILABILITY.
# - matches_prefix - (Optional) One or more matching name prefixes to satisfy this condition.
# - matches_suffix - (Optional) One or more matching name suffixes to satisfy this condition.
# - num_newer_versions - (Optional) Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.
# - custom_time_before - (Optional) A date in the RFC 3339 format YYYY-MM-DD. This condition is satisfied when the customTime metadata for the object is set to an earlier date than the date used in this lifecycle condition.
# - days_since_custom_time - (Optional) The number of days from the Custom-Time metadata attribute after which this condition becomes true.
# - days_since_noncurrent_time - (Optional) Relevant only for versioned objects. Number of days elapsed since the noncurrent timestamp of an object.
# - noncurrent_time_before - (Optional) Relevant only for versioned objects. The date in RFC 3339 (e.g. 2017-06-13) when the object became nonconcurrent.
condition = map(string)
}))
| `[]` | no | +| [anyscale\_bucket\_location](#input\_anyscale\_bucket\_location) | (Optional) The location of the bucket.

ex:
anyscale_bucket_location = "US"
| `string` | `"US"` | no | +| [anyscale\_bucket\_name](#input\_anyscale\_bucket\_name) | (Optional - forces new resource) Cloudstorage bucket name.

The name of the bucket used to store Anyscale related logs and other shared resources.
- If left `null`, will default to `anyscale_bucket_prefix`.
- If provided, overrides the `anyscale_bucket_prefix` variable.

ex:
anyscale_bucket_name = "anyscale-bucket"
| `string` | `null` | no | +| [anyscale\_bucket\_prefix](#input\_anyscale\_bucket\_prefix) | (Optional - forces new resource) Cloudstorage bucket name prefix.

Creates a unique bucket name beginning with the specified prefix.
- If `anyscale_bucket_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-` in a local variable.

ex:
anyscale_bucket_prefix = "anyscale-bucket-"
| `string` | `null` | no | +| [anyscale\_bucket\_storage\_class](#input\_anyscale\_bucket\_storage\_class) | (Optional) Bucket storage class.

Must be one of: STANDARD, MULTI\_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE

ex:
anyscale_bucket_storage_class = "STANDARD"
| `string` | `"STANDARD"` | no | +| [anyscale\_cloud\_id](#input\_anyscale\_cloud\_id) | (Optional) Anyscale Cloud ID.

This is the ID of the Anyscale Cloud. This is not the same as the GCP Project ID. Used in labels.

ex:
anyscale_cloud_id = "cld_1234567890"
| `string` | `null` | no | +| [anyscale\_cluster\_node\_service\_acct\_description](#input\_anyscale\_cluster\_node\_service\_acct\_description) | (Optional) The description of the IAM role that will be created for Anyscale access.

ex:
anyscale_cluster_node_service_acct_description = "Anyscale Cluster Node"
| `string` | `null` | no | +| [anyscale\_cluster\_node\_service\_acct\_name](#input\_anyscale\_cluster\_node\_service\_acct\_name) | (Optional - forces new resource) IAM Cluster Node Role Name

The name of the IAM role that will be created for Anyscale cluster nodes.
- If left `null`, will default to anyscale\_cluster\_node\_service\_acct\_name\_prefix.
- If provided, overrides the anyscale\_cluster\_node\_service\_acct\_name\_prefix variable.
- It needs to be > 4 chars and < 28 chars.

ex:
anyscale_cluster_node_service_acct_name = "anyscale-cluster-node"
| `string` | `null` | no | +| [anyscale\_cluster\_node\_service\_acct\_name\_prefix](#input\_anyscale\_cluster\_node\_service\_acct\_name\_prefix) | (Optional - forces new resource) IAM Cluster Node Role Name Prefix

Creates a unique IAM role name beginning with the specified prefix.
- If `anyscale_cluster_node_service_acct_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-cluster-` in a local variable.
- It needs to be > 4 chars and < 20 chars.

ex:
anyscale_cluster_node_service_acct_name_prefix = "anyscale-cluster-"
| `string` | `null` | no | +| [anyscale\_deploy\_env](#input\_anyscale\_deploy\_env) | (Optional) Anyscale deploy environment.

Used in resource names and tags.

ex:
anyscale_deploy_env = "production"
| `string` | `"production"` | no | +| [anyscale\_filestore\_capacity\_gb](#input\_anyscale\_filestore\_capacity\_gb) | (Optional) The capacity of the fileshare in GB.
This must be at least 1024 GiB for the standard or enterprise tiers, or 2560 GiB for the premium tier.
Default is `1024`. | `number` | `1024` | no | +| [anyscale\_filestore\_description](#input\_anyscale\_filestore\_description) | (Optional) The description of the filestore instance.

ex:
anyscale_filestore_description = "Anyscale Filestore Instance"
| `string` | `"Anyscale Filestore Instance"` | no | +| [anyscale\_filestore\_fileshare\_name](#input\_anyscale\_filestore\_fileshare\_name) | (Optional - forces new resource) Filestore fileshare name.

The name of the fileshare to create.
- If left `null`, will default to `common_name`.
- If `common_name` is null or over 16 chars, will default to `anyscale`.
- Must start with a letter, followed by letters, numbers, or underscores, and cannot end with an underscore.
- Can not be longer than 16 characters.

ex:
anyscale_filestore_fileshare_name = "anyscale-fileshare"
| `string` | `null` | no | +| [anyscale\_filestore\_labels](#input\_anyscale\_filestore\_labels) | (Optional) Filestore Labels

A map of labels to be added to the Filestore instance.
Duplicate labels in `labels` will be overwritten by labels in `anyscale_filestore_labels`.

ex:
anyscale_filestore_labels = {
application = "Anyscale",
environment = "prod"
}
| `map(string)` | `{}` | no | +| [anyscale\_filestore\_location](#input\_anyscale\_filestore\_location) | (Optional) The name of the location region in which the filestore resource will be created.

This can be a region for `ENTERPRISE` tier instances.
If it is not provided, the region for the VPC network will be used
If a VPC network was not created, provider region is used.

ex:
anyscale_filestore_location = "us-central1"
| `string` | `null` | no | +| [anyscale\_filestore\_name](#input\_anyscale\_filestore\_name) | (Optional - forces new resource) Filestore instance name.

The name of the filestore instance used to store Anyscale related logs and other shared resources.
- If left `null`, will default to `anyscale_filestore_name_prefix`.
- If provided, overrides the `anyscale_filestore_name_prefix` variable.

ex:
anyscale_filestore_name = "anyscale-filestore"
| `string` | `null` | no | +| [anyscale\_filestore\_name\_prefix](#input\_anyscale\_filestore\_name\_prefix) | (Optional - forces new resource) Filestore instance name prefix.

Creates a unique filestore instance name beginning with the specified prefix.
- If `anyscale_filestore_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-` in a local variable.

ex:
anyscale_filestore_name_prefix = "anyscale-filestore-"
| `string` | `null` | no | +| [anyscale\_filestore\_network\_conect\_mode](#input\_anyscale\_filestore\_network\_conect\_mode) | (Optional) The network connect mode of the filestore instance.

Must be one of `DIRECT_PEERING` or `PRIVATE_SERVICE_ACCESS`. If using a Shared VPC, this must be set to `PRIVATE_SERVICE_ACCESS`.

ex:
anyscale_filestore_network_conect_mode = "DIRECT_PEERING"
| `string` | `"DIRECT_PEERING"` | no | +| [anyscale\_filestore\_tier](#input\_anyscale\_filestore\_tier) | (Optional) The tier of the filestore to create.

Must be one of `STANDARD`, `BASIC_HDD`, `BASIC_SSD`, `HIGH_SCALE_SSD`, `ENTERPRISE` or `PREMIUM`.

ex:
anyscale_filestore_tier = "STANDARD"
| `string` | `"STANDARD"` | no | +| [anyscale\_iam\_access\_role\_id](#input\_anyscale\_iam\_access\_role\_id) | (Optional, forces creation of new resource) The ID of the Anyscale IAM access role.

Overrides `anyscale_iam_access_role_id_prefix`.

ex:
anyscale_iam_access_role_id = "anyscale_access_role"
| `string` | `null` | no | +| [anyscale\_iam\_access\_role\_id\_prefix](#input\_anyscale\_iam\_access\_role\_id\_prefix) | (Optional, forces creation of new resource) The prefix of the Anyscale IAM access role.

If `anyscale_iam_access_role_id` is provided, it will override this variable.
If set to `null`, the prefix will be set to \"anyscale\_\" in a local variable.

ex:
anyscale_iam_access_role_id_prefix = "anyscale_crossacct_role_"
| `string` | `"anyscale_crossacct_role_"` | no | +| [anyscale\_iam\_access\_service\_acct\_description](#input\_anyscale\_iam\_access\_service\_acct\_description) | (Optional) The description of the IAM role that will be created for Anyscale access.

ex:
anyscale_iam_access_service_acct_description = "Anyscale Cross Account Access"
| `string` | `null` | no | +| [anyscale\_iam\_access\_service\_acct\_name](#input\_anyscale\_iam\_access\_service\_acct\_name) | (Optional - forces new resource) IAM Access Service Account Name

The name of the IAM role that will be created for Anyscale access.
- If left `null`, will default to `anyscale_iam_access_service_acct_name_prefix`.
- If provided, overrides the `anyscale_iam_access_service_acct_name_prefix` variable.
- It needs to be > 4 chars and < 28 chars.

ex:
anyscale_iam_access_service_acct_name = "anyscale-crossacct-access"
| `string` | `null` | no | +| [anyscale\_iam\_access\_service\_acct\_name\_prefix](#input\_anyscale\_iam\_access\_service\_acct\_name\_prefix) | (Optional - forces new resource) IAM Access Role Name Prefix

Creates a unique IAM Service Account name beginning with the specified prefix.
- If `anyscale_iam_access_service_acct_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-crossacct-` in a local variable.
- It needs to be > 4 chars and < 20 chars.

ex:
anyscale_iam_access_service_acct_name_prefix = "anyscale-crossacct-"
| `string` | `null` | no | +| [anyscale\_memorystore\_display\_name](#input\_anyscale\_memorystore\_display\_name) | (Optional) Memorystore Display Name

The display name of the Memorystore instance used for Anyscale Services Head Node HA.
Must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens, and cannot end with a hyphen.

ex:
anyscale_memorystore_display_name = "Anyscale Memorystore"
| `string` | `null` | no | +| [anyscale\_memorystore\_labels](#input\_anyscale\_memorystore\_labels) | (Optional) Memorystore Labels

A map of labels to be added to the Memorystore instance.
Duplicate labels in `labels` will be overwritten by labels in `anyscale_memorystore_labels`.

ex:
anyscale_memorystore_labels = {
application = "Anyscale",
environment = "prod"
}
| `map(string)` | `{}` | no | +| [anyscale\_memorystore\_name](#input\_anyscale\_memorystore\_name) | (Optional - forces new resource) Memorystore Name

The name of the Memorystore instance used for Anyscale Services Head Node HA.

If left `null`, will default to `anyscale_memorystore_name_prefix`.
If provided, overrides the `anyscale_memorystore_name_prefix` variable.

ex:
anyscale_memorystore_name = "anyscale-memorystore"
| `string` | `null` | no | +| [anyscale\_memorystore\_name\_prefix](#input\_anyscale\_memorystore\_name\_prefix) | (Optional - forces new resource) Memorystore Name Prefix

Creates a unique Memorystore instance name beginning with the specified prefix.
If `anyscale_memorystore_name` is provided, it will override this variable.

Because it is the prefix, it can end in a hyphen as it will have a random suffix appended to it.
The variable `general_prefix` is a fall-back prefix if this is not provided.

ex:
anyscale_memorystore_name_prefix = "anyscale-memorystore"
| `string` | `null` | no | +| [anyscale\_organization\_id](#input\_anyscale\_organization\_id) | (Required) Anyscale Organization ID.
This is the ID of the Anyscale Organization. This is not the same as the GCP Organization ID.
The Organization ID will be used to lock down the cross account access from Anyscale.
You can find the Anyscale Organization ID by going to the Anyscale UI while logged in as an Organization Owner,
and clicking on you're username, then clicking on Organization.
This is required. | `string` | n/a | yes | +| [anyscale\_project\_billing\_account](#input\_anyscale\_project\_billing\_account) | (Optional) Google Billing Account ID.

This is required if creating a new project.

ex:
anyscale_project_billing_account = "123456-123456-123456"
| `string` | `null` | no | +| [anyscale\_project\_folder\_id](#input\_anyscale\_project\_folder\_id) | (Optional) The ID of a Google Cloud Folder.

Conflicts with `anyscale_project_organization_id`. If `anyscale_project_folder_id` is provided, it will be used and `anyscale_project_organization_id` will be ignored.

Changing this forces the project to be migrated to the newly specified folder.

ex:
anyscale_project_folder_id = "1234567890"
| `string` | `null` | no | +| [anyscale\_project\_labels](#input\_anyscale\_project\_labels) | (Optional) Project labels.

A map of labels to be added to the Anyscale Project.

ex:
anyscale_project_labels = {
application = "Anyscale",
environment = "prod"
}
Default is an empty map. | `map(string)` | `{}` | no | +| [anyscale\_project\_name](#input\_anyscale\_project\_name) | (Optional) Google Project name.

Google Project Name to create.

ex:
anyscale_project_name = "anyscale-project"
| `string` | `null` | no | +| [anyscale\_project\_name\_prefix](#input\_anyscale\_project\_name\_prefix) | (Optional) The name prefix for the project.

If `anyscale_project_name` is provided, it will override this variable.
The variable `general_prefix` is a fall-back prefix if this is not provided.

Default is `null` but is set to `anyscale-project-` in a local variable.

ex:
anyscale_project_name_prefix = "anyscale-project-"
| `string` | `null` | no | +| [anyscale\_project\_organization\_id](#input\_anyscale\_project\_organization\_id) | (Optional) Google Cloud Organization ID.

Conflicts with `anyscale_project_folder_id`. If `anyscale_project_folder_id` is provided, it will be used and `organization_id` will be ignored.

Changing this forces the project to be migrated to the newly specified organization.

ex:
anyscale_project_organization_id = "1234567890"
| `string` | `null` | no | +| [anyscale\_vpc\_create\_natgw](#input\_anyscale\_vpc\_create\_natgw) | (Optional) Determines if a NAT Gateway is created.

`anyscale_vpc_private_subnet_cidr` must also be specified for this resource to be created.

ex:
anyscale_vpc_create_natgw = true
| `bool` | `true` | no | +| [anyscale\_vpc\_description](#input\_anyscale\_vpc\_description) | (Optional) The description of the VPC.

ex:
anyscale_vpc_description = "Anyscale VPC"
| `string` | `"VPC for Anyscale Resources"` | no | +| [anyscale\_vpc\_firewall\_allow\_access\_from\_cidrs](#input\_anyscale\_vpc\_firewall\_allow\_access\_from\_cidrs) | (Required) Comma delimited string of IPv4 CIDRs

CIDR ranges to allow access to Anyscale resources. This should be the list of CIDR ranges that have access to the clusters. Public or private IPs are supported.
SSH and HTTPs ports will be opened to these CIDR ranges.

ex:
anyscale_vpc_firewall_allow_access_from_cidrs = "10.0.1.0/24,24.1.24.24/32"
| `string` | n/a | yes | +| [anyscale\_vpc\_firewall\_policy\_description](#input\_anyscale\_vpc\_firewall\_policy\_description) | (Optional) The description of the Anyscale VPC Firewall Policy.

ex:
anyscale_vpc_firewall_policy_description = "Anyscale VPC Firewall Policy"
| `string` | `"Anyscale VPC Firewall Policy"` | no | +| [anyscale\_vpc\_firewall\_policy\_name](#input\_anyscale\_vpc\_firewall\_policy\_name) | (Optional) The name of the Anyscale VPC Firewall Policy.

ex:
anyscale_vpc_firewall_policy_name = "anyscale-vpc-firewall-policy"
| `string` | `null` | no | +| [anyscale\_vpc\_name](#input\_anyscale\_vpc\_name) | (Optional) VPC name.

The name of the VPC to create.
- If left `null`, will default to `anyscale_vpc_name_prefix`.
- If provided, overrides the `anyscale_vpc_name_prefix` variable.

ex:
anyscale_vpc_name = "anyscale-vpc"
| `string` | `null` | no | +| [anyscale\_vpc\_name\_prefix](#input\_anyscale\_vpc\_name\_prefix) | (Optional) The prefix of the VPC name.

Creates a unique VPC name beginning with the specified prefix.
- If `anyscale_vpc_name` is provided, it will override this variable.
- The variable `general_prefix` is a fall-back prefix if this is not provided.
- Default is `null` but is set to `anyscale-vpc-` in a local variable.

ex:
anyscale_vpc_name_prefix = "anyscale-vpc-"
| `string` | `null` | no | +| [anyscale\_vpc\_private\_subnet\_cidr](#input\_anyscale\_vpc\_private\_subnet\_cidr) | (Optional) The private subnet to create.

Anyscale recommends a /20 or larger CIDR block, but will accept a /24 or larger with a warning. The Anyscale VPC module will only create one private subnet in one region.

ex:
anyscale_vpc_private_subnet_cidr = "10.100.0.0/20"
| `string` | `null` | no | +| [anyscale\_vpc\_private\_subnet\_name](#input\_anyscale\_vpc\_private\_subnet\_name) | (Optional) The private subnet name.

This VPC terraform will only create one private subnet in one region.
Overrides `anyscale_vpc_private_subnet_suffix` if provided.

ex:
anyscale_vpc_private_subnet_name = "anyscale-private-subnet"
| `string` | `null` | no | +| [anyscale\_vpc\_private\_subnet\_suffix](#input\_anyscale\_vpc\_private\_subnet\_suffix) | (Optional) The private subnet suffix.

Prepended with the VPC name and region to create a unique private subnet name.
Overriden by `anyscale_vpc_private_subnet_name`.

ex:
anyscale_vpc_private_subnet_suffix = "private"
| `string` | `"private"` | no | +| [anyscale\_vpc\_proxy\_subnet\_cidr](#input\_anyscale\_vpc\_proxy\_subnet\_cidr) | (Optional) The proxy subnet to create.

Anyscale recommends a /22 or larger CIDR block. The Anyscale VPC module will only create one proxy subnet in one region.
Anyscale uses Proxy Subnets for the load balancer as part of Anyscale Services.

ex:
anyscale_vpc_proxy_subnet_cidr = "10.100.0.0/20"
| `string` | `null` | no | +| [anyscale\_vpc\_proxy\_subnet\_name](#input\_anyscale\_vpc\_proxy\_subnet\_name) | (Optional) The proxy subnet name.

Overrides `anyscale_vpc_proxy_subnet_suffix` if provided.

This VPC terraform will only create one proxy subnet in one region. Proxy-Only subnets are used for Google Cloud Load Balancers.
More information can be found in the [Google Cloud Load Balancer Documentation](https://cloud.google.com/load-balancing/docs/proxy-only-subnets).

ex:
anyscale_vpc_proxy_subnet_name = "anyscale-proxy-subnet"
| `string` | `null` | no | +| [anyscale\_vpc\_proxy\_subnet\_suffix](#input\_anyscale\_vpc\_proxy\_subnet\_suffix) | (Optional) The proxy subnet suffix.

Prepended with the VPC name and region to create a unique proxy subnet name.
Overridden by `anyscale_vpc_proxy_subnet_name`.

ex:
anyscale_vpc_proxy_subnet_suffix = "proxy"
| `string` | `"proxy"` | no | +| [anyscale\_vpc\_public\_subnet\_cidr](#input\_anyscale\_vpc\_public\_subnet\_cidr) | (Optional) The public subnet to create.

This VPC terraform will only create one public subnet in one region.

ex:
anyscale_vpc_public_subnet_cidr = "10.100.0.0/20"
| `string` | `null` | no | +| [anyscale\_vpc\_public\_subnet\_name](#input\_anyscale\_vpc\_public\_subnet\_name) | (Optional) The public subnet name.

This VPC terraform will only create one public subnet in one region.
Overrides `anyscale_vpc_public_subnet_suffix` if provided.

ex:
anyscale_vpc_public_subnet_name = "anyscale-public-subnet"
| `string` | `null` | no | +| [anyscale\_vpc\_public\_subnet\_suffix](#input\_anyscale\_vpc\_public\_subnet\_suffix) | (Optional) The public subnet suffix.

Prepended with the VPC name and region to create a unique public subnet name.
Overridden by `anyscale_vpc_public_subnet_name`.

ex:
anyscale_vpc_public_subnet_suffix = "public"
| `string` | `"public"` | no | +| [anyscale\_workload\_identity\_account\_id](#input\_anyscale\_workload\_identity\_account\_id) | (Optional) The AWS Account ID for Anyscale. Only use this if you are instructed to do so.

This will override the sub-module variable: `anyscale_aws_account_id`

ex:
anyscale_workload_identity_account_id = "123456789012"
| `string` | `null` | no | +| [anyscale\_workload\_identity\_pool\_description](#input\_anyscale\_workload\_identity\_pool\_description) | (Optional) The description of the workload identity pool.

ex:
anyscale_workload_identity_pool_description = "Used to provide Anyscale access from AWS."
| `string` | `"Used to provide Anyscale access from AWS."` | no | +| [anyscale\_workload\_identity\_pool\_display\_name](#input\_anyscale\_workload\_identity\_pool\_display\_name) | (Optional) The display name of the workload identity pool.

Must be less than or equal to 32 chars.

ex:
anyscale_workload_identity_pool_display_name = "Anyscale Cross Account Access"
| `string` | `"Anyscale Cross Account Access"` | no | +| [anyscale\_workload\_identity\_pool\_name](#input\_anyscale\_workload\_identity\_pool\_name) | (Optional) The name of the workload identity pool.

If it is not provided, the Anyscale Access role name is used.

ex:
anyscale_workload_identity_pool_name = "anyscale-identitypool-access"
| `string` | `null` | no | +| [anyscale\_workload\_identity\_pool\_provider\_name](#input\_anyscale\_workload\_identity\_pool\_provider\_name) | (Optional) The name of the workload identity pool provider.

If it is not provided, the Anyscale Access role name is used.

ex:
anyscale_workload_identity_pool_provider_name = "anyscale-identitypool-access"
| `string` | `null` | no | +| [bucket\_iam\_binding\_override\_roles](#input\_bucket\_iam\_binding\_override\_roles) | (Optional) List of roles to grant to the Anyscale Service Accounts.

This allows you to override the defaults in the `google-anyscale-cloudstorage` module.

Default is an empty list but will be populated with the following roles via the module: ["roles/storage.objectAdmin", "roles/storage.legacyBucketReader"]

ex:
bucket_iam_binding_override_roles = ["roles/storage.objectAdmin"]
| `list(string)` | `[]` | no | +| [common\_prefix](#input\_common\_prefix) | (Optional) Common Prefix for all resources.

A common prefix to add to resources created (where prefixes are allowed).
If paired with `use_common_name`, this will apply to all resources.
If this is not paired with `use_common_name`, this applies to:
- CloudStorage Buckets
- IAM Resources
- Security Groups
Resource specific prefixes override this variable.
Max length is 30 characters.

ex:
common_prefix = "anyscale-"
| `string` | `null` | no | +| [enable\_anyscale\_filestore](#input\_enable\_anyscale\_filestore) | (Optional) Determines if the Anyscale Filestore is created.

ex:
enable_anyscale_filestore = true
| `bool` | `true` | no | +| [enable\_anyscale\_gcs](#input\_enable\_anyscale\_gcs) | (Optional) Determines if the Anyscale Cloud Storage bucket is created.

ex:
enable_anyscale_gcs = true
| `bool` | `true` | no | +| [enable\_anyscale\_iam](#input\_enable\_anyscale\_iam) | (Optional) Determines if the Anyscale IAM resources are created.

ex:
enable_anyscale_iam = true
| `bool` | `true` | no | +| [enable\_anyscale\_memorystore](#input\_enable\_anyscale\_memorystore) | (Optional) Determines if the Anyscale Memorystore is created.

ex:
enable_anyscale_memorystore = true
| `bool` | `false` | no | +| [enable\_anyscale\_vpc\_firewall](#input\_enable\_anyscale\_vpc\_firewall) | (Optional) Determines if the Anyscale VPC Firewall is created.

ex:
enable_anyscale_vpc_firewall = true
| `bool` | `true` | no | +| [enable\_cloud\_logging\_monitoring](#input\_enable\_cloud\_logging\_monitoring) | (Optional) Determines if the Google Cloud Logging and Monitoring APIs are enabled.

If this is set to `true`, the following APIs will be enabled:
- logging.googleapis.com
- monitoring.googleapis.com

Additionally, the Anyscale Cluster Role will be granted access to the following roles:
- logging.logWriter
- monitoring.metricWriter
- monitoring.viewer

ex:
enable_cloud_logging_monitoring = true
| `bool` | `false` | no | +| [enable\_google\_apis](#input\_enable\_google\_apis) | (Optional) Determines if the required Google APIs are enabled.

ex:
enable_google_apis = true
| `bool` | `true` | no | +| [existing\_cloudstorage\_bucket\_name](#input\_existing\_cloudstorage\_bucket\_name) | (Optional) Existing Cloud Storage Bucket Name.

The name of an existing Cloud Storage bucket that you'd like to use. Please make sure that it meets the minimum requirements for Anyscale including:
- Bucket Policy
- CORS Policy
- Encryption configuration

If provided, this will skip creating a new Cloud Storage bucket with the Anyscale Cloud Storage module.

ex:
existing_cloudstorage_bucket_name = "anyscale-bucket"
| `string` | `null` | no | +| [existing\_filestore\_instance\_name](#input\_existing\_filestore\_instance\_name) | (Optional) Existing Filestore Instance Name.

The name of an existing Filestore instance that you'd like to use.
If provided, this will skip creating a new Filestore instance with the Anyscale Filestore module.

ex:
existing_filestore_instance_name = "anyscale-filestore"
| `string` | `null` | no | +| [existing\_memorystore\_instance\_name](#input\_existing\_memorystore\_instance\_name) | (Optional) The name of an existing Memorystore instance.

If this is provided, the Anyscale Memorystore module will skip creating a new Memorystore instance.

ex:
existing_memorystore_instance_name = "anyscale-memorystore"
| `string` | `null` | no | +| [existing\_project\_id](#input\_existing\_project\_id) | (Optional) An existing GCP Project ID.

If provided, this will skip creating resources with the Anyscale Project module.

ex:
existing_project_id = "my-project-id"
| `string` | `null` | no | +| [existing\_vpc\_id](#input\_existing\_vpc\_id) | (Optional) An existing VPC ID.

If provided, this module will skip creating a new VPC with the Anyscale VPC module.
An existing VPC Subnet Name (`existing_vpc_subnet_name`) is also required if this is provided.

ex:
existing_vpc_id = "projects/anyscale/global/networks/anyscale-network"
| `string` | `null` | no | +| [existing\_vpc\_name](#input\_existing\_vpc\_name) | (Optional) An existing VPC Name.

If provided, this module will skip creating a new VPC with the Anyscale VPC module.
An existing VPC Subnet Name (`existing_vpc_subnet_name`) is also required if this is provided.

ex:
existing_vpc_name = "anyscale-vpc"
| `string` | `null` | no | +| [existing\_vpc\_subnet\_name](#input\_existing\_vpc\_subnet\_name) | (Optional) Existing subnet name to create Anyscale resources in.

If provided, this will skip creating resources with the Anyscale VPC module.
An existing VPC Name (`existing_vpc_name`) is also required if this is provided.

ex:
existing_vpc_subnet_name = "anyscale-subnet"
| `string` | `null` | no | +| [existing\_workload\_identity\_provider\_name](#input\_existing\_workload\_identity\_provider\_name) | (Optional) The name of an existing workload identity provider to use.

If provided, will skip creating the workload identity pool and provider. The Workload Identity Provider can be in a different project.

You can retrieve the name of an existing Workload Identity Provider by running the following command:
gcloud iam workload-identity-pools providers list --location global --workload-identity-pool anyscale-access-pool
ex:
existing_workload_identity_provider_name = "projects/1234567890/locations/global/workloadIdentityPools/anyscale-access-pool/providers/anyscale-access-provider"
| `string` | `null` | no | +| [labels](#input\_labels) | (Optional) A map of labels.

Labels to be added to all resources that accept labels.
Resource dependent labels will be appended to this list.

ex:
labels = {
application = "Anyscale",
environment = "prod"
}
Default is an empty map. | `map(string)` | `{}` | no | +| [random\_char\_length](#input\_random\_char\_length) | (Optional) Random suffix character length

Determines the random suffix length that is used to generate a common name.

Certain Google resources have a hard limit on name lengths and this will allow
the ability to control how many characters are added as a suffix.
Many Google resources have a limit of 28 characters in length.
Keep that in mind while setting this value.
Must be >= 2 and <= 12.

ex:
random_char_length = 4
| `number` | `4` | no | +| [shared\_vpc\_project\_id](#input\_shared\_vpc\_project\_id) | (Optional) The ID of the project that hosts the shared VPC.

If provided, this will set the Project ID to the Shared VPC for the `google-anyscale-vpc-firewall` submodule.
An existing VPC Name (`existing_vpc_name`) and VPC Subnet Name (`existing_vpc_subnet_name`) are also required if this is provided.

ex:
shared_vpc_project_id = "anyscale-sharedvpc"
| `string` | `null` | no | +| [use\_common\_name](#input\_use\_common\_name) | (Optional) Determines if a standard name should be used across all resources.

- If set to true and `common_prefix` is also provided, the `common_prefix` will be used and prefixed to a common name.
- If set to true and `common_prefix` is not provided, the prefix will be `anyscale-`
- If set to true, this will also use a random suffix to avoid name collisions.

ex:
use_common_name = true
| `bool` | `false` | no | ## Outputs -| Name | Description | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | -| [cloudstorage\_bucket\_name](#output\_cloudstorage\_bucket\_name) | The Google Cloud Storage bucket name. | -| [cloudstorage\_bucket\_selflink](#output\_cloudstorage\_bucket\_selflink) | The Google Cloud Storage self link. | -| [cloudstorage\_bucket\_url](#output\_cloudstorage\_bucket\_url) | The Google Cloud Storage url for the bucket. Will be in the format `gs://`. | -| [filestore\_fileshare\_name](#output\_filestore\_fileshare\_name) | The Google Filestore fileshare name. | -| [filestore\_id](#output\_filestore\_id) | The Google Filestore id. | -| [filestore\_location](#output\_filestore\_location) | The Google Filestore location. | -| [filestore\_name](#output\_filestore\_name) | The Google Filestore name. | -| [iam\_anyscale\_access\_service\_acct\_email](#output\_iam\_anyscale\_access\_service\_acct\_email) | The Google IAM Anyscale Access Service Account email. | -| [iam\_anyscale\_access\_service\_acct\_id](#output\_iam\_anyscale\_access\_service\_acct\_id) | The Google IAM Anyscale Access Service Account ID. | -| [iam\_anyscale\_access\_service\_acct\_name](#output\_iam\_anyscale\_access\_service\_acct\_name) | The Google IAM Anyscale Access Service Account name. | -| [iam\_anyscale\_access\_service\_acct\_unique\_id](#output\_iam\_anyscale\_access\_service\_acct\_unique\_id) | The Google IAM Anyscale Access Service Account unique id. | -| [iam\_anyscale\_cluster\_node\_service\_acct\_email](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_email) | The Google IAM Anyscale Cluster Node Service Account email. 
| -| [iam\_anyscale\_cluster\_node\_service\_acct\_id](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_id) | The Google IAM Anyscale Cluster Node Service Account ID. | -| [iam\_anyscale\_cluster\_node\_service\_acct\_name](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_name) | The Google IAM Anyscale Cluster Node Service Accpimt name. | -| [iam\_anyscale\_cluster\_node\_service\_acct\_unique\_id](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_unique\_id) | The Google IAM Anyscale Cluster Node Service Account unique id. | -| [iam\_workload\_identity\_pool\_id](#output\_iam\_workload\_identity\_pool\_id) | The Google IAM Anyscale Workload Identity Pool id. | -| [iam\_workload\_identity\_pool\_name](#output\_iam\_workload\_identity\_pool\_name) | The Google IAM Anyscale Workload Identity Pool name. | -| [iam\_workload\_identity\_provider\_id](#output\_iam\_workload\_identity\_provider\_id) | The Google IAM Anyscale Workload Identity Provider id. | -| [iam\_workload\_identity\_provider\_name](#output\_iam\_workload\_identity\_provider\_name) | The Google IAM Anyscale Workload Identity Provider name. | -| [memorystore\_current\_location\_id](#output\_memorystore\_current\_location\_id) | The current zone where the Redis endpoint is placed. | -| [memorystore\_host](#output\_memorystore\_host) | The IP address of the instance. | -| [memorystore\_id](#output\_memorystore\_id) | The memorystore instance ID. | -| [memorystore\_port](#output\_memorystore\_port) | The port number of the exposed Redis endpoint. | -| [memorystore\_region](#output\_memorystore\_region) | The region the instance lives in. | -| [private\_subnet\_cidr](#output\_private\_subnet\_cidr) | The Google VPC private subnet cidr. | -| [private\_subnet\_id](#output\_private\_subnet\_id) | The Google VPC private subnet id. | -| [private\_subnet\_name](#output\_private\_subnet\_name) | The Google VPC private subnet name. 
| -| [private\_subnet\_region](#output\_private\_subnet\_region) | The Google VPC private subnet region. | -| [project\_id](#output\_project\_id) | The Google Project id. | -| [project\_name](#output\_project\_name) | The Google Project name. | -| [public\_subnet\_cidr](#output\_public\_subnet\_cidr) | The Google VPC public subnet cidr. | -| [public\_subnet\_id](#output\_public\_subnet\_id) | The Google VPC public subnet id. | -| [public\_subnet\_name](#output\_public\_subnet\_name) | The Google VPC public subnet name. | -| [public\_subnet\_region](#output\_public\_subnet\_region) | The Google VPC public subnet region. | -| [vpc\_firewall\_id](#output\_vpc\_firewall\_id) | The Google VPC firewall policy id. | -| [vpc\_firewall\_policy\_name](#output\_vpc\_firewall\_policy\_name) | The Google VPC firewall policy name. | -| [vpc\_firewall\_selflink](#output\_vpc\_firewall\_selflink) | The Google VPC firewall policy self link. | -| [vpc\_id](#output\_vpc\_id) | The Google VPC id. | -| [vpc\_name](#output\_vpc\_name) | The Google VPC network name. | -| [vpc\_selflink](#output\_vpc\_selflink) | The Google VPC self link. | +| Name | Description | +|------|-------------| +| [cloudstorage\_bucket\_name](#output\_cloudstorage\_bucket\_name) | The Google Cloud Storage bucket name. | +| [cloudstorage\_bucket\_selflink](#output\_cloudstorage\_bucket\_selflink) | The Google Cloud Storage self link. | +| [cloudstorage\_bucket\_url](#output\_cloudstorage\_bucket\_url) | The Google Cloud Storage url for the bucket. Will be in the format `gs://`. | +| [filestore\_fileshare\_name](#output\_filestore\_fileshare\_name) | The Google Filestore fileshare name. | +| [filestore\_id](#output\_filestore\_id) | The Google Filestore id. | +| [filestore\_location](#output\_filestore\_location) | The Google Filestore location. | +| [filestore\_name](#output\_filestore\_name) | The Google Filestore name. 
| +| [iam\_anyscale\_access\_service\_acct\_email](#output\_iam\_anyscale\_access\_service\_acct\_email) | The Google IAM Anyscale Access Service Account email. | +| [iam\_anyscale\_access\_service\_acct\_id](#output\_iam\_anyscale\_access\_service\_acct\_id) | The Google IAM Anyscale Access Service Account ID. | +| [iam\_anyscale\_access\_service\_acct\_name](#output\_iam\_anyscale\_access\_service\_acct\_name) | The Google IAM Anyscale Access Service Account name. | +| [iam\_anyscale\_access\_service\_acct\_unique\_id](#output\_iam\_anyscale\_access\_service\_acct\_unique\_id) | The Google IAM Anyscale Access Service Account unique id. | +| [iam\_anyscale\_cluster\_node\_service\_acct\_email](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_email) | The Google IAM Anyscale Cluster Node Service Account email. | +| [iam\_anyscale\_cluster\_node\_service\_acct\_id](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_id) | The Google IAM Anyscale Cluster Node Service Account ID. | +| [iam\_anyscale\_cluster\_node\_service\_acct\_name](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_name) | The Google IAM Anyscale Cluster Node Service Accpimt name. | +| [iam\_anyscale\_cluster\_node\_service\_acct\_unique\_id](#output\_iam\_anyscale\_cluster\_node\_service\_acct\_unique\_id) | The Google IAM Anyscale Cluster Node Service Account unique id. | +| [iam\_workload\_identity\_pool\_id](#output\_iam\_workload\_identity\_pool\_id) | The Google IAM Anyscale Workload Identity Pool id. | +| [iam\_workload\_identity\_pool\_name](#output\_iam\_workload\_identity\_pool\_name) | The Google IAM Anyscale Workload Identity Pool name. | +| [iam\_workload\_identity\_provider\_id](#output\_iam\_workload\_identity\_provider\_id) | The Google IAM Anyscale Workload Identity Provider id. | +| [iam\_workload\_identity\_provider\_name](#output\_iam\_workload\_identity\_provider\_name) | The Google IAM Anyscale Workload Identity Provider name. 
| +| [memorystore\_current\_location\_id](#output\_memorystore\_current\_location\_id) | The current zone where the Redis endpoint is placed. | +| [memorystore\_host](#output\_memorystore\_host) | The IP address of the instance. | +| [memorystore\_id](#output\_memorystore\_id) | The memorystore instance ID. | +| [memorystore\_port](#output\_memorystore\_port) | The port number of the exposed Redis endpoint. | +| [memorystore\_region](#output\_memorystore\_region) | The region the instance lives in. | +| [private\_subnet\_cidr](#output\_private\_subnet\_cidr) | The Google VPC private subnet cidr. | +| [private\_subnet\_id](#output\_private\_subnet\_id) | The Google VPC private subnet id. | +| [private\_subnet\_name](#output\_private\_subnet\_name) | The Google VPC private subnet name. | +| [private\_subnet\_region](#output\_private\_subnet\_region) | The Google VPC private subnet region. | +| [project\_id](#output\_project\_id) | The Google Project id. | +| [project\_name](#output\_project\_name) | The Google Project name. | +| [public\_subnet\_cidr](#output\_public\_subnet\_cidr) | The Google VPC public subnet cidr. | +| [public\_subnet\_id](#output\_public\_subnet\_id) | The Google VPC public subnet id. | +| [public\_subnet\_name](#output\_public\_subnet\_name) | The Google VPC public subnet name. | +| [public\_subnet\_region](#output\_public\_subnet\_region) | The Google VPC public subnet region. | +| [vpc\_firewall\_id](#output\_vpc\_firewall\_id) | The Google VPC firewall policy id. | +| [vpc\_firewall\_policy\_name](#output\_vpc\_firewall\_policy\_name) | The Google VPC firewall policy name. | +| [vpc\_firewall\_selflink](#output\_vpc\_firewall\_selflink) | The Google VPC firewall policy self link. | +| [vpc\_id](#output\_vpc\_id) | The Google VPC id. | +| [vpc\_name](#output\_vpc\_name) | The Google VPC network name. | +| [vpc\_selflink](#output\_vpc\_selflink) | The Google VPC self link. 
| [Terraform]: https://www.terraform.io +[OpenTofu]: https://opentofu.org/ [Issues]: https://github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-google]: https://img.shields.io/badge/Google-4.+-F8991D.svg?logo=terraform +[badge-opentofu]: https://img.shields.io/badge/opentofu-1.x%20-623CE4.svg?logo=terraform +[badge-tf-google]: https://img.shields.io/badge/Google-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/terraform-google-anyscale-cloudfoundation-modules/actions diff --git a/examples/anyscale-v2-commonname/README.md b/examples/anyscale-v2-commonname/README.md index 97b204e..292fcb4 100644 --- a/examples/anyscale-v2-commonname/README.md +++ b/examples/anyscale-v2-commonname/README.md @@ -19,7 +19,7 @@ Since this creates a new project, the user/role that is executing this example n | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers @@ -54,4 +54,5 @@ No resources. | Name | Description | |------|-------------| | [registration\_command](#output\_registration\_command) | The Anyscale registration command. | +| [vpc\_id](#output\_vpc\_id) | The ID of the VPC. | diff --git a/examples/anyscale-v2-commonname/main.tf b/examples/anyscale-v2-commonname/main.tf index 5b3c93d..3d5295e 100644 --- a/examples/anyscale-v2-commonname/main.tf +++ b/examples/anyscale-v2-commonname/main.tf @@ -42,4 +42,7 @@ module "google_anyscale_v2_commonname" { # Cloud Storage (Bucket) Related anyscale_bucket_location = "US" + + # Enable Cloud Logging on GCP - this will enable sending logs and metrics to GCP Logs and Monitoring + enable_cloud_logging_monitoring = "true" } 
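Review bot: The new argument in examples/anyscale-v2-commonname/main.tf is passed as the string `"true"`, while the root README in this commit documents `enable_cloud_logging_monitoring` as a `bool` with default `false`. Terraform converts the string, so it works, but the example should read `enable_cloud_logging_monitoring = true`. The same README entry says that enabling it grants the Anyscale Cluster Role `logging.logWriter`, `monitoring.metricWriter` and `monitoring.viewer`. The comment above the line should mention this, for example `# Also grants the cluster role logging.logWriter, monitoring.metricWriter and monitoring.viewer`, so that anyone copying the example sees the IAM effect. The module block starts outside the hunk.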
diff --git a/examples/anyscale-v2-commonname/outputs.tf b/examples/anyscale-v2-commonname/outputs.tf
index 4c88c1d..62cc88a 100644
--- a/examples/anyscale-v2-commonname/outputs.tf
+++ b/examples/anyscale-v2-commonname/outputs.tf
@@ -17,3 +17,8 @@ output "registration_command" {
 EOT
 }
 #
+
+output "vpc_id" {
+ description = "The ID of the VPC."
+ value = module.google_anyscale_v2_commonname.vpc_id
+}
diff --git a/examples/anyscale-v2-commonname/versions.tf b/examples/anyscale-v2-commonname/versions.tf
index 763888a..8550449 100644
--- a/examples/anyscale-v2-commonname/versions.tf
+++ b/examples/anyscale-v2-commonname/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 }
 }
diff --git a/examples/anyscale-v2-existingidentityfederation/README.md b/examples/anyscale-v2-existingidentityfederation/README.md
index 1fd680e..ae5aa27 100644
--- a/examples/anyscale-v2-existingidentityfederation/README.md
+++ b/examples/anyscale-v2-existingidentityfederation/README.md
@@ -18,7 +18,7 @@ Creates a v2 stack including:
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [google](#requirement\_google) | ~> 4.0 |
+| [google](#requirement\_google) | ~> 5.0 |
 ## Providers
diff --git a/examples/anyscale-v2-existingidentityfederation/versions.tf b/examples/anyscale-v2-existingidentityfederation/versions.tf
index 763888a..8550449 100644
--- a/examples/anyscale-v2-existingidentityfederation/versions.tf
+++ b/examples/anyscale-v2-existingidentityfederation/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 }
 }
diff --git a/examples/anyscale-v2-existingproject/README.md b/examples/anyscale-v2-existingproject/README.md
index e09d059..c75907b 100644
--- a/examples/anyscale-v2-existingproject/README.md
+++ b/examples/anyscale-v2-existingproject/README.md
@@ -18,7 +18,7 @@ Creates a v2 stack including:
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [google](#requirement\_google) | ~> 4.0 |
+| [google](#requirement\_google) | ~> 5.0 |
 ## Providers
diff --git a/examples/anyscale-v2-existingproject/versions.tf b/examples/anyscale-v2-existingproject/versions.tf
index 763888a..8550449 100644
--- a/examples/anyscale-v2-existingproject/versions.tf
+++ b/examples/anyscale-v2-existingproject/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 }
 }
diff --git a/examples/anyscale-v2-kitchensink/README.md b/examples/anyscale-v2-kitchensink/README.md
index af8c0da..deb2712 100644
--- a/examples/anyscale-v2-kitchensink/README.md
+++ b/examples/anyscale-v2-kitchensink/README.md
@@ -22,7 +22,7 @@ WIP
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [google](#requirement\_google) | ~> 4.0 |
+| [google](#requirement\_google) | ~> 5.0 |
 ## Providers
diff --git a/examples/anyscale-v2-kitchensink/versions.tf b/examples/anyscale-v2-kitchensink/versions.tf
index 763888a..8550449 100644
--- a/examples/anyscale-v2-kitchensink/versions.tf
+++ b/examples/anyscale-v2-kitchensink/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 }
 }
diff --git a/examples/anyscale-v2-privatenetwork/README.md b/examples/anyscale-v2-privatenetwork/README.md
index 49e975d..f5b49e8 100644
--- a/examples/anyscale-v2-privatenetwork/README.md
+++ b/examples/anyscale-v2-privatenetwork/README.md
@@ -23,7 +23,7 @@ via a jumpbox.
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [google](#requirement\_google) | ~> 4.0 |
+| [google](#requirement\_google) | ~> 5.0 |
 ## Providers
diff --git a/examples/anyscale-v2-privatenetwork/versions.tf b/examples/anyscale-v2-privatenetwork/versions.tf
index 763888a..8550449 100644
--- a/examples/anyscale-v2-privatenetwork/versions.tf
+++ b/examples/anyscale-v2-privatenetwork/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 }
 }
diff --git a/examples/anyscale-v2-vpc-shared/README.md b/examples/anyscale-v2-vpc-shared/README.md
index cfdbc6c..98fe2e7 100644
--- a/examples/anyscale-v2-vpc-shared/README.md
+++ b/examples/anyscale-v2-vpc-shared/README.md
@@ -33,7 +33,7 @@ Once the Anyscale Access Service Account has been created, additionally, the ser
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [google](#requirement\_google) | ~> 4.0 |
+| [google](#requirement\_google) | ~> 5.0 |
 ## Providers
diff --git a/examples/anyscale-v2-vpc-shared/versions.tf b/examples/anyscale-v2-vpc-shared/versions.tf
index 763888a..8550449 100644
--- a/examples/anyscale-v2-vpc-shared/versions.tf
+++ b/examples/anyscale-v2-vpc-shared/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = "~> 4.0"
+ version = "~> 5.0"
 }
 }
 }
diff --git a/examples/anyscale-v2/README.md b/examples/anyscale-v2/README.md
index 36f52c2..3b31197 100644
--- a/examples/anyscale-v2/README.md
+++ b/examples/anyscale-v2/README.md
@@ -17,7 +17,7 @@ Creates a v2 stack including:
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0 |
-| [google](#requirement\_google) | ~> 4.0 |
+| [google](#requirement\_google) | ~> 5.0 |
 ## Providers
diff --git a/examples/anyscale-v2/versions.tf b/examples/anyscale-v2/versions.tf
index 763888a..8550449 100644
--- a/examples/anyscale-v2/versions.tf
+++ b/examples/anyscale-v2/versions.tf
@@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/main.tf b/main.tf index 4cc3a9d..da3e8f5 100644 --- a/main.tf +++ b/main.tf @@ -80,9 +80,15 @@ module "google_anyscale_cloudapis" { # VPC (Networking) Module # ------------------------------ locals { + google_region = data.google_client_config.current.region + vpc_name = var.anyscale_vpc_name != null ? var.anyscale_vpc_name : var.anyscale_vpc_name_prefix != null ? null : local.common_name vpc_name_prefix = coalesce(var.anyscale_vpc_name_prefix, var.common_prefix, "anyscale-vpc-") + public_subnet_name = coalesce(var.anyscale_vpc_public_subnet_name, try("${local.vpc_name}-${local.google_region}-${var.anyscale_vpc_public_subnet_suffix}", null), "anyscale-vpc-subnet-public") + private_subnet_name = coalesce(var.anyscale_vpc_private_subnet_name, try("${local.vpc_name}-${local.google_region}-${var.anyscale_vpc_private_subnet_suffix}", null), "anyscale-vpc-subnet-private") + proxy_subnet_name = coalesce(var.anyscale_vpc_proxy_subnet_name, try("${local.vpc_name}-${local.google_region}-${var.anyscale_vpc_proxy_subnet_suffix}", null), "anyscale-vpc-subnet-proxy") + anyscale_private_subnet_count = var.anyscale_vpc_private_subnet_cidr != null ? 1 : 0 anyscale_proxy_subnet_count = var.anyscale_vpc_proxy_subnet_cidr != null ? 1 : 0 anyscale_public_subnet_count = var.anyscale_vpc_public_subnet_cidr != null ? 1 : 0 
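Review bot: The three new `*_subnet_name` locals in the root main.tf fall back silently to fixed literals such as `"anyscale-vpc-subnet-public"` whenever the interpolation inside `try` fails. `local.vpc_name` is deliberately `null` when `anyscale_vpc_name_prefix` is set, so prefix-based deployments always take that fallback. The resulting subnet names then contain neither the VPC name nor the region, unlike what the README says about the suffix variables, and two such deployments in one project and region would presumably collide on the same name. At minimum the locals need a comment, for example `# Falls back to a fixed name when vpc_name is null (prefix-based naming); not unique per project/region`. It is also worth confirming what `data.google_client_config.current.region` yields when the provider has no region configured. The `locals` block continues past the hunk.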
@@ -105,9 +111,14 @@ module "google_anyscale_vpc" { enable_random_name_suffix = local.enable_module_random_name_suffix vpc_description = var.anyscale_vpc_description - public_subnet_cidr = var.anyscale_vpc_public_subnet_cidr + public_subnet_cidr = var.anyscale_vpc_public_subnet_cidr + public_subnet_name = local.public_subnet_name + private_subnet_cidr = var.anyscale_vpc_private_subnet_cidr - proxy_subnet_cidr = var.anyscale_vpc_proxy_subnet_cidr + private_subnet_name = local.private_subnet_name + + proxy_subnet_cidr = var.anyscale_vpc_proxy_subnet_cidr + proxy_subnet_name = local.proxy_subnet_name create_nat = local.create_nat_gw } @@ -155,6 +166,7 @@ module "google_anyscale_vpc_firewall_policy" { anyscale_project_id = local.vpc_project_id vpc_name = coalesce(var.existing_vpc_name, module.google_anyscale_vpc.vpc_name) + vpc_id = coalesce(var.existing_vpc_id, module.google_anyscale_vpc.vpc_id) firewall_policy_name = local.firewall_policy_name firewall_policy_description = var.anyscale_vpc_firewall_policy_description diff --git a/modules/google-anyscale-cloudapis/README.md b/modules/google-anyscale-cloudapis/README.md index 9f32e5b..6558a17 100644 --- a/modules/google-anyscale-cloudapis/README.md +++ b/modules/google-anyscale-cloudapis/README.md @@ -3,13 +3,15 @@ [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-cloud-apis +This sub-module enables the GCP APIs required for the Anyscale Platform. It should be used from the [root module](../../README.md). + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers @@ -36,8 +38,8 @@ No modules. | [anyscale\_activate\_optional\_apis](#input\_anyscale\_activate\_optional\_apis) | (Optional) Optional APIs to activate.
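Review bot: In the `google_anyscale_vpc_firewall_policy` hunk of main.tf, `vpc_id` and `vpc_name` are resolved by two independent `coalesce` calls, so a caller who sets `existing_vpc_name` without `existing_vpc_id` can end up with an association named after one network and attached to another, or with a plan-time `coalesce` failure if the module's `vpc_id` output is empty. The firewall submodule used to derive the attachment target from the name, so existing-VPC callers may hit this on upgrade, yet the changelog lists nothing under breaking changes. Whether `existing_vpc_id` is new or already validated is not visible from here. At minimum I would add `# existing_vpc_id must be set whenever existing_vpc_name is set` above the new line, and preferably enforce it with a variable validation or precondition. The module block starts and ends outside the hunk.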

A list of optional apis to activate within the project.

ex:
anyscale_activate_optional_apis = [
"cloudkms.googleapis.com",
"containerregistry.googleapis.com",
"logging.googleapis.com",
"monitoring.googleapis.com",
"redis.googleapis.com",
]
| `list(string)` | `[]` | no | | [anyscale\_activate\_required\_apis](#input\_anyscale\_activate\_required\_apis) | (Optional) The list of apis to activate within the project.
Default enables APIs for compute, filestore, and storage. | `list(string)` |
[
"compute.googleapis.com",
"file.googleapis.com",
"storage-component.googleapis.com",
"storage.googleapis.com",
"certificatemanager.googleapis.com",
"cloudresourcemanager.googleapis.com",
"serviceusage.googleapis.com",
"deploymentmanager.googleapis.com"
]
| no | | [anyscale\_project\_id](#input\_anyscale\_project\_id) | (Optional) The ID of the project to create the resource in. If not provided, the provider project is used. Default is `null`. | `string` | `null` | no | -| [disable\_dependent\_services](#input\_disable\_dependent\_services) | (Optional) Determines if services that are enabled and which depend on this service should also be disabled when this service is destroyed.
More information in the [terraform documentation](https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services). | `bool` | `true` | no | -| [disable\_services\_on\_destroy](#input\_disable\_services\_on\_destroy) | (Optional) Determines if project services will be disabled when the resources are destroyed.
More information in the [terraform documentation](https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy).
Default is `true`. | `bool` | `true` | no | +| [disable\_dependent\_services](#input\_disable\_dependent\_services) | (Optional) Determines if services that are enabled and which depend on this service should also be disabled when this service is destroyed.

More information in the [terraform documentation](https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services).

Setting to `true` can cause errors if disabling optional services that are required by other services.

ex:
disable_dependent_services = true
| `bool` | `false` | no | +| [disable\_services\_on\_destroy](#input\_disable\_services\_on\_destroy) | (Optional) Determines if project services will be disabled when the resources are destroyed.

More information in the [terraform documentation](https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy).

Setting to `true` can cause errors if removing optional services that are required by other services.

ex:
disable_services_on_destroy = true
| `bool` | `false` | no | | [module\_enabled](#input\_module\_enabled) | (Optional) Determines whether to create the resources inside this module. Default is `true`. | `bool` | `true` | no | ## Outputs @@ -52,5 +54,5 @@ No modules. [Issues]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-google]: https://img.shields.io/badge/GCP-4.+-F8991D.svg?logo=terraform +[badge-tf-google]: https://img.shields.io/badge/GCP-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/actions diff --git a/modules/google-anyscale-cloudapis/examples/README.md b/modules/google-anyscale-cloudapis/examples/README.md index fcb8a33..617efe0 100644 --- a/modules/google-anyscale-cloudapis/examples/README.md +++ b/modules/google-anyscale-cloudapis/examples/README.md @@ -6,7 +6,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [google-beta](#requirement\_google-beta) | ~> 4.0 | ## Providers diff --git a/modules/google-anyscale-cloudapis/examples/versions.tf b/modules/google-anyscale-cloudapis/examples/versions.tf index db1ff8c..cd7348d 100644 --- a/modules/google-anyscale-cloudapis/examples/versions.tf +++ b/modules/google-anyscale-cloudapis/examples/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } google-beta = { source = "hashicorp/google-beta" diff --git a/modules/google-anyscale-cloudapis/main.tf b/modules/google-anyscale-cloudapis/main.tf index 59b2de0..1a5e9a0 100644 --- a/modules/google-anyscale-cloudapis/main.tf 
+++ b/modules/google-anyscale-cloudapis/main.tf @@ -42,6 +42,12 @@ resource "google_project_service" "anyscale_optional_apis" { service = each.value disable_on_destroy = var.disable_services_on_destroy disable_dependent_services = var.disable_dependent_services + + lifecycle { + ignore_changes = [ + service, # Ignore changes to the service itself + ] + } } # ************************************************** diff --git a/modules/google-anyscale-cloudapis/variables.tf b/modules/google-anyscale-cloudapis/variables.tf index 4ea7c50..c3bdc3f 100644 --- a/modules/google-anyscale-cloudapis/variables.tf +++ b/modules/google-anyscale-cloudapis/variables.tf 
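Review bot: The `lifecycle` block added to `google_project_service.anyscale_optional_apis` ignores `service`, but its comment (`# Ignore changes to the service itself`) restates the code instead of saying why a diff on that attribute is expected. `service` is assigned from `each.value` in the same resource, so with this setting a changed value under an existing key would never be applied, and that kind of silent drift is worth justifying. I would replace the comment with the reason, along the lines of `service, # ignored because <reason>; value comes from each.value`. The resource block starts outside the hunk, so the `for_each` expression is not visible.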
@@ -67,37 +67,36 @@ variable "anyscale_activate_optional_apis" { default = [] } -# variable "activate_api_identities" { -# description = <<-EOT -# (Optional) -# The list of service identities (Google Managed service account for the API) to force-create for the project (e.g. in order to grant additional roles). -# APIs in this list will automatically be appended to `anyscale_activate_apis`. -# Not including the API in this list will follow the default behaviour for identity creation (which is usually when the first resource using the API is created). -# Any roles (e.g. service agent role) must be explicitly listed. See https://cloud.google.com/iam/docs/understanding-roles#service-agent-roles-roles for a list of related roles. -# Default is an empty list. -# EOT -# type = list(object({ -# api = string -# roles = list(string) -# })) -# default = [] -# } - variable "disable_services_on_destroy" { description = <<-EOT (Optional) Determines if project services will be disabled when the resources are destroyed. + More information in the [terraform documentation](https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy). - Default is `true`. + + Setting to `true` can cause errors if removing optional services that are required by other services. + + ex: + ``` + disable_services_on_destroy = true + ``` EOT type = bool - default = true + default = false } variable "disable_dependent_services" { description = <<-EOT (Optional) Determines if services that are enabled and which depend on this service should also be disabled when this service is destroyed. + More information in the [terraform documentation](https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services). + + Setting to `true` can cause errors if disabling optional services that are required by other services. + + ex: + ``` + disable_dependent_services = true + ``` EOT - default = true type = bool + default = false } 
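Review bot: Both `default = false` changes in this hunk alter teardown behaviour without the descriptions saying so: `disable_services_on_destroy` loses its "Default is true" sentence and gets no replacement, and `disable_dependent_services` never states a default. With the new defaults the APIs activated by this module stay enabled in the project after the module is destroyed, so an operator who assumes teardown turned them off is left with services still reachable. The changelog entry for this release lists nothing under breaking changes. I would add a line to each description such as `Default is false: APIs enabled by this module remain enabled after destroy.`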
diff --git a/modules/google-anyscale-cloudapis/versions.tf b/modules/google-anyscale-cloudapis/versions.tf index 25edebe..48c802e 100644 --- a/modules/google-anyscale-cloudapis/versions.tf +++ b/modules/google-anyscale-cloudapis/versions.tf @@ -4,11 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } - # google-beta = { - # source = "hashicorp/google-beta" - # version = "~> 4.0" - # } } } diff --git a/modules/google-anyscale-cloudstorage/README.md b/modules/google-anyscale-cloudstorage/README.md index ad22e3e..ef97b16 100644 --- a/modules/google-anyscale-cloudstorage/README.md +++ b/modules/google-anyscale-cloudstorage/README.md @@ -3,7 +3,7 @@ [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-cloudstorage -This builds the Google Cloudstorage bucket used by Anyscale. +This sub-module builds the Google Cloudstorage bucket used by Anyscale. It should be used from the [root module](../../README.md). See the examples folder for how to use. @@ -13,7 +13,7 @@ See the examples folder for how to use. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers @@ -75,5 +75,5 @@ No modules. [Issues]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-google]: https://img.shields.io/badge/GCP-4.+-F8991D.svg?logo=terraform +[badge-tf-google]: https://img.shields.io/badge/GCP-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/actions 
diff --git a/modules/google-anyscale-cloudstorage/examples/README.md b/modules/google-anyscale-cloudstorage/examples/README.md index 8b96e62..a68bc49 100644 --- a/modules/google-anyscale-cloudstorage/examples/README.md +++ b/modules/google-anyscale-cloudstorage/examples/README.md @@ -28,7 +28,7 @@ This should NOT build any cloudstorage resources and is here for unit testing. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers diff --git a/modules/google-anyscale-cloudstorage/examples/main.tf b/modules/google-anyscale-cloudstorage/examples/main.tf index c56741e..8c6c2f7 100644 --- a/modules/google-anyscale-cloudstorage/examples/main.tf +++ b/modules/google-anyscale-cloudstorage/examples/main.tf @@ -96,8 +96,8 @@ module "kitchen_sink" { } bucket_iam_binding_members = [ - "serviceAccount:${module.kitchen_sink_iam.iam_anyscale_access_role_email}", - "serviceAccount:${module.kitchen_sink_iam.iam_anyscale_cluster_node_role_email}" + "serviceAccount:${module.kitchen_sink_iam.iam_anyscale_access_service_acct_email}", + "serviceAccount:${module.kitchen_sink_iam.iam_anyscale_cluster_node_service_acct_email}" ] bucket_iam_binding_override_roles = [ diff --git a/modules/google-anyscale-cloudstorage/examples/versions.tf b/modules/google-anyscale-cloudstorage/examples/versions.tf index d3ea173..4ac3b53 100644 --- a/modules/google-anyscale-cloudstorage/examples/versions.tf +++ b/modules/google-anyscale-cloudstorage/examples/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/modules/google-anyscale-cloudstorage/versions.tf b/modules/google-anyscale-cloudstorage/versions.tf index 26c4bad..ceb1c1e 100644 --- a/modules/google-anyscale-cloudstorage/versions.tf +++ b/modules/google-anyscale-cloudstorage/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/modules/google-anyscale-filestore/README.md b/modules/google-anyscale-filestore/README.md index 5d0591d..acab82b 100644 --- a/modules/google-anyscale-filestore/README.md +++ b/modules/google-anyscale-filestore/README.md @@ -3,13 +3,15 @@ [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-filestore +This sub-module creates a Filestore instance which is required for the Anyscale Platform. It should be used from the [root module](../../README.md). + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers @@ -71,5 +73,5 @@ No modules. [Issues]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-google]: https://img.shields.io/badge/GCP-4.+-F8991D.svg?logo=terraform +[badge-tf-google]: https://img.shields.io/badge/GCP-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/actions diff --git a/modules/google-anyscale-filestore/examples/README.md b/modules/google-anyscale-filestore/examples/README.md index c9b153f..ec52529 100644 --- a/modules/google-anyscale-filestore/examples/README.md +++ b/modules/google-anyscale-filestore/examples/README.md 
@@ -9,7 +9,7 @@ This resource takes approximately 10 minutes to create the filestore if it's in | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers diff --git a/modules/google-anyscale-filestore/examples/versions.tf b/modules/google-anyscale-filestore/examples/versions.tf index 5e29bc5..43e528e 100644 --- a/modules/google-anyscale-filestore/examples/versions.tf +++ b/modules/google-anyscale-filestore/examples/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/modules/google-anyscale-filestore/versions.tf b/modules/google-anyscale-filestore/versions.tf index 26c4bad..ceb1c1e 100644 --- a/modules/google-anyscale-filestore/versions.tf +++ b/modules/google-anyscale-filestore/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/modules/google-anyscale-iam/README.md b/modules/google-anyscale-iam/README.md index b8b5b3d..b862a4e 100644 --- a/modules/google-anyscale-iam/README.md +++ b/modules/google-anyscale-iam/README.md @@ -3,13 +3,15 @@ [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-iam +This sub-module creates IAM related resources required for the Anyscale Platform. It should be used from the [root module](../../README.md). + ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers 
@@ -97,5 +99,5 @@ No modules. [Issues]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-aws]: https://img.shields.io/badge/AWS-4.+-F8991D.svg?logo=terraform +[badge-tf-aws]: https://img.shields.io/badge/AWS-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/actions diff --git a/modules/google-anyscale-iam/examples/README.md b/modules/google-anyscale-iam/examples/README.md index 9079c2f..29548ab 100644 --- a/modules/google-anyscale-iam/examples/README.md +++ b/modules/google-anyscale-iam/examples/README.md @@ -6,7 +6,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers diff --git a/modules/google-anyscale-iam/examples/versions.tf b/modules/google-anyscale-iam/examples/versions.tf index 04edf86..48c802e 100644 --- a/modules/google-anyscale-iam/examples/versions.tf +++ b/modules/google-anyscale-iam/examples/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/modules/google-anyscale-iam/versions.tf b/modules/google-anyscale-iam/versions.tf index 26c4bad..ceb1c1e 100644 --- a/modules/google-anyscale-iam/versions.tf +++ b/modules/google-anyscale-iam/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/modules/google-anyscale-memorystore/README.md b/modules/google-anyscale-memorystore/README.md index b5e75e5..7bf1ec4 100644 
--- a/modules/google-anyscale-memorystore/README.md +++ b/modules/google-anyscale-memorystore/README.md @@ -3,7 +3,7 @@ [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-memorystore -Optional sub-module that creates a Google Memorystore Redis DB. +This optional sub-module that creates a Google Memorystore Redis DB. It should be used from the [root module](../../README.md). ## Requirements @@ -11,7 +11,7 @@ Optional sub-module that creates a Google Memorystore Redis DB. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers @@ -77,5 +77,5 @@ No modules. [Issues]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-google]: https://img.shields.io/badge/GCP-4.+-F8991D.svg?logo=terraform +[badge-tf-google]: https://img.shields.io/badge/GCP-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/actions diff --git a/modules/google-anyscale-memorystore/examples/README.md b/modules/google-anyscale-memorystore/examples/README.md index 507d78c..bbcc38e 100644 --- a/modules/google-anyscale-memorystore/examples/README.md +++ b/modules/google-anyscale-memorystore/examples/README.md @@ -9,7 +9,7 @@ This resource takes approximately 10 minutes to create the memorystore | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers 
diff --git a/modules/google-anyscale-memorystore/examples/versions.tf b/modules/google-anyscale-memorystore/examples/versions.tf index 5e29bc5..43e528e 100644 --- a/modules/google-anyscale-memorystore/examples/versions.tf +++ b/modules/google-anyscale-memorystore/examples/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/modules/google-anyscale-memorystore/versions.tf b/modules/google-anyscale-memorystore/versions.tf index 26c4bad..ceb1c1e 100644 --- a/modules/google-anyscale-memorystore/versions.tf +++ b/modules/google-anyscale-memorystore/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/modules/google-anyscale-project/README.md b/modules/google-anyscale-project/README.md index 84e5dcb..84ef41e 100644 --- a/modules/google-anyscale-project/README.md +++ b/modules/google-anyscale-project/README.md @@ -2,7 +2,8 @@ [![Terraform Version][badge-terraform]](https://github.com/hashicorp/terraform/releases) [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-project -Creates a new Google Cloud Project for Anyscale Resources + +This sub-module creates a new Google Cloud Project for Anyscale Resources. It should be used from the [root module](../../README.md). ## Requirements @@ -10,7 +11,7 @@ Creates a new Google Cloud Project for Anyscale Resources | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers 
@@ -61,5 +62,5 @@ No modules. [Issues]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-google]: https://img.shields.io/badge/GCP-4.+-F8991D.svg?logo=terraform +[badge-tf-google]: https://img.shields.io/badge/GCP-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/actions diff --git a/modules/google-anyscale-project/examples/README.md b/modules/google-anyscale-project/examples/README.md index cc90716..5e47148 100644 --- a/modules/google-anyscale-project/examples/README.md +++ b/modules/google-anyscale-project/examples/README.md @@ -18,7 +18,7 @@ This example does not create any resources or outputs. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers diff --git a/modules/google-anyscale-project/examples/versions.tf b/modules/google-anyscale-project/examples/versions.tf index 56b7e7f..b5ba002 100644 --- a/modules/google-anyscale-project/examples/versions.tf +++ b/modules/google-anyscale-project/examples/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/modules/google-anyscale-project/versions.tf b/modules/google-anyscale-project/versions.tf index 26c4bad..ceb1c1e 100644 --- a/modules/google-anyscale-project/versions.tf +++ b/modules/google-anyscale-project/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/modules/google-anyscale-vpc-firewall/README.md b/modules/google-anyscale-vpc-firewall/README.md index 86530b3..2845cba 100644 --- a/modules/google-anyscale-vpc-firewall/README.md +++ b/modules/google-anyscale-vpc-firewall/README.md @@ -3,7 +3,7 @@ [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-vpc-firewall -This sub-module builds Google VPC Firewalls that will work with Anyscale. +This sub-module builds Google VPC Firewalls that will work with Anyscale. It should be used from the [root module](../../README.md). ## Requirements @@ -11,7 +11,7 @@ This sub-module builds Google VPC Firewalls that will work with Anyscale. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | ## Providers @@ -33,7 +33,6 @@ No modules. | [google_compute_network_firewall_policy_rule.ingress_allow_from_cidr_blocks](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_firewall_policy_rule) | resource | | [google_compute_network_firewall_policy_rule.ingress_allow_from_gcp_health_checks](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_firewall_policy_rule) | resource | | [google_compute_network_firewall_policy_rule.ingress_with_self](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network_firewall_policy_rule) | resource | -| [google_compute_network.anyscale_vpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_network) | data source | ## Inputs 
@@ -50,6 +49,7 @@ No modules. | [ingress\_with\_self\_map](#input\_ingress\_with\_self\_map) | (Optional) List of ingress rules to create where 'self' is defined.

Default rule is `all-all` as this firewall rule is used for all Anyscale resources.

ex:
ingress_with_self_map = [
{
rule = "https-443-tcp"
},
{
rule = "http-80-tcp"
},
{
rule = "ssh-tcp"
},
{
rule = "nfs-tcp"
}
]
| `list(map(string))` |
[
{
"rule": "all-all"
}
]
| no | | [module\_enabled](#input\_module\_enabled) | (Optional) Determines whether to create the resources inside this module.

ex:
module_enabled = true
| `bool` | `true` | no | | [predefined\_firewall\_rules](#input\_predefined\_firewall\_rules) | (Required) Map of predefined firewall rules. | `map(list(any))` |
{
"all-all": [
"",
"all",
"All protocols",
1000
],
"health-checks": [
8000,
"tcp",
"Health Checks",
1005
],
"http-80-tcp": [
80,
"tcp",
"HTTP",
1001
],
"https-443-tcp": [
443,
"tcp",
"HTTPS",
1002
],
"nfs-tcp": [
2049,
"tcp",
"NFS/EFS",
1004
],
"ssh-tcp": [
22,
"tcp",
"SSH",
1003
]
}
| no | +| [vpc\_id](#input\_vpc\_id) | (Required) The ID of the VPC to apply the Firewall Policy to.

ex:
vpc_id = "projects/anyscale/global/networks/anyscale-network"
| `string` | n/a | yes | | [vpc\_name](#input\_vpc\_name) | (Required) The name of the VPC to apply the Firewall Policy to.

ex:
vpc_name = "anyscale-vpc"
| `string` | n/a | yes | ## Outputs diff --git a/modules/google-anyscale-vpc-firewall/data.tf b/modules/google-anyscale-vpc-firewall/data.tf deleted file mode 100644 index 83ad7b8..0000000 --- a/modules/google-anyscale-vpc-firewall/data.tf +++ /dev/null @@ -1,6 +0,0 @@ -data "google_compute_network" "anyscale_vpc" { - count = var.module_enabled ? 1 : 0 - project = var.anyscale_project_id - - name = var.vpc_name -} diff --git a/modules/google-anyscale-vpc-firewall/examples/README.md b/modules/google-anyscale-vpc-firewall/examples/README.md index 2cae45f..993367d 100644 --- a/modules/google-anyscale-vpc-firewall/examples/README.md +++ b/modules/google-anyscale-vpc-firewall/examples/README.md @@ -28,7 +28,7 @@ This should NOT build any cloudstorage resources and is here for unit testing. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers diff --git a/modules/google-anyscale-vpc-firewall/examples/main.tf b/modules/google-anyscale-vpc-firewall/examples/main.tf index 8c1f559..39c20f1 100644 --- a/modules/google-anyscale-vpc-firewall/examples/main.tf +++ b/modules/google-anyscale-vpc-firewall/examples/main.tf @@ -28,6 +28,7 @@ module "all_defaults" { module_enabled = true vpc_name = module.all_defaults_vpc.vpc_name + vpc_id = module.all_defaults_vpc.vpc_id # vpc_self_link = module.all_defaults_vpc.vpc_selflink } @@ -51,6 +52,7 @@ module "anyscale_firewall_public" { module_enabled = true vpc_name = module.anyscale_firewall_public_vpc.vpc_name + vpc_id = module.anyscale_firewall_public_vpc.vpc_id ingress_with_self_cidr_range = [local.public_subnet_cidr] ingress_from_cidr_map = [ 
@@ -85,6 +87,7 @@ module "anyscale_firewall_private" { module_enabled = true vpc_name = module.anyscale_firewall_private_vpc.vpc_name + vpc_id = module.anyscale_firewall_private_vpc.vpc_id default_ingress_cidr_range = [var.default_ingress_cidr_range] ingress_from_cidr_map = [ @@ -125,7 +128,9 @@ module "kitchen_sink" { # google_region = var.google_region anyscale_project_id = var.google_project_id - vpc_name = module.kitchen_sink_vpc.vpc_name + vpc_name = module.kitchen_sink_vpc.vpc_name + vpc_id = module.kitchen_sink_vpc.vpc_id + firewall_policy_name = "anyscale-tf-kitchensink-policy" firewall_policy_description = "This is the Anyscale Kitchen Sink Policy" enable_firewall_rule_logging = false @@ -154,4 +159,5 @@ module "test_no_resources" { # google_region = var.google_region anyscale_project_id = "" vpc_name = "" + vpc_id = "" } diff --git a/modules/google-anyscale-vpc-firewall/examples/versions.tf b/modules/google-anyscale-vpc-firewall/examples/versions.tf index d3ea173..4ac3b53 100644 --- a/modules/google-anyscale-vpc-firewall/examples/versions.tf +++ b/modules/google-anyscale-vpc-firewall/examples/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/modules/google-anyscale-vpc-firewall/main.tf b/modules/google-anyscale-vpc-firewall/main.tf index 6fd01c2..eb76f2a 100644 --- a/modules/google-anyscale-vpc-firewall/main.tf +++ b/modules/google-anyscale-vpc-firewall/main.tf @@ -34,7 +34,7 @@ resource "google_compute_network_firewall_policy_association" "anyscale_firewall project = var.anyscale_project_id name = "${var.vpc_name}-association" - attachment_target = data.google_compute_network.anyscale_vpc[0].self_link + attachment_target = var.vpc_id firewall_policy = google_compute_network_firewall_policy.anyscale_firewall_policy[0].name } 
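Review bot: `attachment_target = var.vpc_id` in the firewall policy association takes the caller's string as is, whereas the removed `data "google_compute_network"` lookup resolved the network by `var.vpc_name` inside `var.anyscale_project_id`. Nothing now ties the target to that project or to the name still used for `"${var.vpc_name}-association"`, so a mismatched pair would attach the policy to a network other than the one its name suggests. A comment above the line would record the expectation, e.g. `# vpc_id must identify the same network as var.vpc_name, in var.anyscale_project_id`. The resource block starts outside the hunk.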
diff --git a/modules/google-anyscale-vpc-firewall/variables.tf b/modules/google-anyscale-vpc-firewall/variables.tf index 39c0a15..d2d4da2 100644 --- a/modules/google-anyscale-vpc-firewall/variables.tf +++ b/modules/google-anyscale-vpc-firewall/variables.tf @@ -14,6 +14,18 @@ variable "vpc_name" { type = string } +variable "vpc_id" { + description = <<-EOT + (Required) The ID of the VPC to apply the Firewall Policy to. + + ex: + ``` + vpc_id = "projects/anyscale/global/networks/anyscale-network" + ``` + EOT + type = string +} + # ------------------------------------------------------------------------------ # OPTIONAL PARAMETERS # These variables have defaults, but may be overridden. diff --git a/modules/google-anyscale-vpc-firewall/versions.tf b/modules/google-anyscale-vpc-firewall/versions.tf index 26c4bad..ceb1c1e 100644 --- a/modules/google-anyscale-vpc-firewall/versions.tf +++ b/modules/google-anyscale-vpc-firewall/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/modules/google-anyscale-vpc/README.md b/modules/google-anyscale-vpc/README.md index 63efa24..92e11d1 100644 --- a/modules/google-anyscale-vpc/README.md +++ b/modules/google-anyscale-vpc/README.md @@ -3,11 +3,12 @@ [![Google Provider Version][badge-tf-google]](https://github.com/terraform-providers/terraform-provider-google/releases) # google-anyscale-vpc -This builds a VPC to support Anyscale on Google Cloud. +This sub-module builds a VPC to support Anyscale on Google Cloud. It should be used from the [root module](../../README.md). This includes: - The VPC Network Resource - A public or private subnet -- ... +- A proxy-only subnet + ## Requirements 
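Review bot: The new `vpc_id` variable in variables.tf is a bare `string` with no validation, although it is the value that decides which network the firewall policy gets attached to. The description's own example uses the `projects/<project>/global/networks/<name>` form, so a `validation` block can reject anything else at plan time. The empty string is kept valid below because the `test_no_resources` example passes `vpc_id = ""`. If callers are also expected to pass a self link, the pattern needs widening.

```hcl
variable "vpc_id" {
  # … unchanged: description and type …
  validation {
    condition     = var.vpc_id == "" || can(regex("^projects/[^/]+/global/networks/[^/]+$", var.vpc_id))
    error_message = "The vpc_id value must have the form projects/PROJECT/global/networks/NAME."
  }
}
```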
@@ -15,7 +16,7 @@ This includes: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | | [random](#requirement\_random) | ~> 3.0 | | [time](#requirement\_time) | >= 0.9 | @@ -121,5 +122,5 @@ No modules. [Issues]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/issues [badge-build]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/workflows/CI/CD%20Pipeline/badge.svg [badge-terraform]: https://img.shields.io/badge/terraform-1.x%20-623CE4.svg?logo=terraform -[badge-tf-google]: https://img.shields.io/badge/GCP-4.+-F8991D.svg?logo=terraform +[badge-tf-google]: https://img.shields.io/badge/GCP-5.+-F8991D.svg?logo=terraform [build-status]: https://github.com/anyscale/sa-terraform-google-cloudfoundation-modules/actions diff --git a/modules/google-anyscale-vpc/examples/README.md b/modules/google-anyscale-vpc/examples/README.md index 039c4c8..47acf6a 100644 --- a/modules/google-anyscale-vpc/examples/README.md +++ b/modules/google-anyscale-vpc/examples/README.md @@ -28,7 +28,7 @@ This should NOT build any cloudstorage resources and is here for unit testing. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.0 | +| [google](#requirement\_google) | ~> 5.0 | ## Providers diff --git a/modules/google-anyscale-vpc/examples/versions.tf b/modules/google-anyscale-vpc/examples/versions.tf index 5e29bc5..43e528e 100644 --- a/modules/google-anyscale-vpc/examples/versions.tf +++ b/modules/google-anyscale-vpc/examples/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/modules/google-anyscale-vpc/main.tf b/modules/google-anyscale-vpc/main.tf index 97f74e3..85b5da0 100644 --- a/modules/google-anyscale-vpc/main.tf 
+++ b/modules/google-anyscale-vpc/main.tf @@ -2,12 +2,8 @@ locals { random_char_length = var.random_char_length >= 4 && var.random_char_length % 2 == 0 ? var.random_char_length / 2 : 0 google_region = coalesce(var.google_region, data.google_client_config.current.region) - anyscale_vpcname = var.anyscale_vpc_name != null ? var.anyscale_vpc_name : var.anyscale_vpc_name_prefix - computed_anyscale_vpcname = var.enable_random_name_suffix ? format( - "%s%s", - local.anyscale_vpcname, - random_id.random_char_suffix.hex, - ) : local.anyscale_vpcname + anyscale_vpcname = var.anyscale_vpc_name != null ? var.anyscale_vpc_name : var.anyscale_vpc_name_prefix + computed_anyscale_vpcname = var.enable_random_name_suffix ? "${local.anyscale_vpcname}${random_id.random_char_suffix.hex}" : local.anyscale_vpcname # module_labels = merge( # tomap({ diff --git a/modules/google-anyscale-vpc/private-subnet.tf b/modules/google-anyscale-vpc/private-subnet.tf index 0765bcd..ff4c923 100644 --- a/modules/google-anyscale-vpc/private-subnet.tf +++ b/modules/google-anyscale-vpc/private-subnet.tf @@ -7,7 +7,7 @@ locals { private_subnet_flow_log_enabled = length(var.private_subnet_flow_log_config) > 0 ? true : false private_subnet_name_computed = coalesce( var.private_subnet_name, - format("${local.computed_anyscale_vpcname}-${local.google_region}-${var.private_subnet_suffix}") + "${local.computed_anyscale_vpcname}-${local.google_region}-${var.private_subnet_suffix}" ) # existing_prv_rt_count = length(var.existing_private_route_table_ids) > 0 ? length(var.existing_private_route_table_ids) : 0 diff --git a/modules/google-anyscale-vpc/proxy-subnet.tf b/modules/google-anyscale-vpc/proxy-subnet.tf index 3037fdc..8474e3b 100644 --- a/modules/google-anyscale-vpc/proxy-subnet.tf +++ b/modules/google-anyscale-vpc/proxy-subnet.tf 
@@ -6,7 +6,7 @@ locals { proxy_subnet_name_computed = coalesce( var.proxy_subnet_name, - format("${local.computed_anyscale_vpcname}-${local.google_region}-${var.proxy_subnet_suffix}") + "${local.computed_anyscale_vpcname}-${local.google_region}-${var.proxy_subnet_suffix}" ) } @@ -17,10 +17,9 @@ resource "google_compute_subnetwork" "anyscale_proxy_subnet" { #checkov:skip=CKV_GCP_26:VPC Flow Logs disabled for Proxy Subnets count = local.proxy_subnet_enabled ? 1 : 0 - name = local.proxy_subnet_name_computed - ip_cidr_range = var.proxy_subnet_cidr - ipv6_access_type = "INTERNAL" - region = var.google_region + name = local.proxy_subnet_name_computed + ip_cidr_range = var.proxy_subnet_cidr + region = var.google_region network = google_compute_network.anyscale_vpc[0].name project = var.anyscale_project_id diff --git a/modules/google-anyscale-vpc/public-subnet.tf b/modules/google-anyscale-vpc/public-subnet.tf index d2b4bdd..b5bbd9d 100644 --- a/modules/google-anyscale-vpc/public-subnet.tf +++ b/modules/google-anyscale-vpc/public-subnet.tf @@ -8,7 +8,7 @@ locals { # existing_prv_rt_count = length(var.existing_public_route_table_ids) > 0 ? length(var.existing_public_route_table_ids) : 0 public_subnet_name_computed = coalesce( var.public_subnet_name, - format("${local.computed_anyscale_vpcname}-${local.google_region}-${var.public_subnet_suffix}") + "${local.computed_anyscale_vpcname}-${local.google_region}-${var.public_subnet_suffix}" ) # public_route_table_ids = local.existing_prv_rt_count > 0 ? var.existing_public_route_table_ids : local.public_subnet_count > 0 ? aws_route_table.public[*].id : [] } diff --git a/modules/google-anyscale-vpc/versions.tf b/modules/google-anyscale-vpc/versions.tf index 4b7b483..f367775 100644 --- a/modules/google-anyscale-vpc/versions.tf +++ b/modules/google-anyscale-vpc/versions.tf 
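Review bot: In the `anyscale_proxy_subnet` hunk of proxy-subnet.tf the subnet's `region` is read from `var.google_region`, but the name built in `proxy_subnet_name_computed` uses `local.google_region`, which main.tf defines as `coalesce(var.google_region, data.google_client_config.current.region)`. If `var.google_region` can be left unset, the region embedded in the name and the region the subnet is placed in are resolved by two different paths. Using `region = local.google_region` would keep both on one source. The resource block continues past the end of the hunk.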
@@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = { source = "hashicorp/random" diff --git a/test/anyscale-v2-e2e-private-test/versions.tf b/test/anyscale-v2-e2e-private-test/versions.tf index 763888a..8550449 100644 --- a/test/anyscale-v2-e2e-private-test/versions.tf +++ b/test/anyscale-v2-e2e-private-test/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/test/anyscale-v2-e2e-public-test/versions.tf b/test/anyscale-v2-e2e-public-test/versions.tf index 763888a..8550449 100644 --- a/test/anyscale-v2-e2e-public-test/versions.tf +++ b/test/anyscale-v2-e2e-public-test/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } } } diff --git a/test/requirements.txt b/test/requirements.txt index f2389d9..648ac52 100644 --- a/test/requirements.txt +++ b/test/requirements.txt @@ -1,3 +1,4 @@ anyscale +anyscale[gcp] rich python_terraform diff --git a/test/test_cloud_register_manual.py b/test/test_cloud_register_manual.py index 5fc49ac..ac6bf3d 100644 --- a/test/test_cloud_register_manual.py +++ b/test/test_cloud_register_manual.py @@ -147,7 +147,7 @@ def _anyscale_cloud_verify(cloud_controller: CloudController, cloud_name: str): strict=True, # Change functional_verify="workspace,service" once service is ready. # Requires user confirmation to proceed or setting yes=True - functional_verify="workspace", + functional_verify="workspace,service", yes=True, ) logger.info(" Completed: Anyscale Cloud verified successfully") diff --git a/variables.tf b/variables.tf index ea9b326..c328f6e 100644 --- a/variables.tf +++ b/variables.tf 
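Review bot: The added `anyscale[gcp]` line in test/requirements.txt duplicates the bare `anyscale` entry above it, and neither carries a version pin, so each test run installs whatever release is current at that moment. The extra already pulls in the base package, so a single pinned line such as `anyscale[gcp]==<PINNED_VERSION>` would be enough; the version is a placeholder for the release the tests were validated against. That makes the test environment reproducible and any dependency change reviewable.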
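Review bot: The comment kept above the changed argument in `_anyscale_cloud_verify` still reads `Change functional_verify="workspace,service" once service is ready`, which this commit has now done, so the comment is stale. I would replace it with `# Functional verification covers both workspace and service.` The function starts above the hunk, so whether the service check needs additional setup in the test project cannot be judged from here.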
@@ -345,6 +345,21 @@ variable "existing_vpc_name" { type = string default = null } +variable "existing_vpc_id" { + description = <<-EOT + (Optional) An existing VPC ID. + + If provided, this module will skip creating a new VPC with the Anyscale VPC module. + An existing VPC Subnet Name (`existing_vpc_subnet_name`) is also required if this is provided. + + ex: + ``` + existing_vpc_id = "projects/anyscale/global/networks/anyscale-network" + ``` + EOT + type = string + default = null +} variable "existing_vpc_subnet_name" { description = <<-EOT (Optional) Existing subnet name to create Anyscale resources in. @@ -424,6 +439,39 @@ variable "anyscale_vpc_description" { default = "VPC for Anyscale Resources" } +# Public Subnet Related +variable "anyscale_vpc_public_subnet_name" { + description = <<-EOT + (Optional) The public subnet name. + + This VPC terraform will only create one public subnet in one region. + Overrides `anyscale_vpc_public_subnet_suffix` if provided. + + ex: + ``` + anyscale_vpc_public_subnet_name = "anyscale-public-subnet" + ``` + EOT + type = string + default = null +} + +variable "anyscale_vpc_public_subnet_suffix" { + description = <<-EOT + (Optional) The public subnet suffix. + + Prepended with the VPC name and region to create a unique public subnet name. + Overridden by `anyscale_vpc_public_subnet_name`. + + ex: + ``` + anyscale_vpc_public_subnet_suffix = "public" + ``` + EOT + type = string + default = "public" +} + variable "anyscale_vpc_public_subnet_cidr" { description = <<-EOT (Optional) The public subnet to create. 
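Review bot: The description of the new `existing_vpc_id` variable does not say how it relates to `existing_vpc_name`, declared just above it. The firewall sub-module in this commit takes both `vpc_name` and `vpc_id`, so presumably both have to be set together and refer to the same network. Once that is confirmed against the root main.tf, which is not part of this hunk, I would add a sentence to the heredoc stating that `existing_vpc_name` is also required and must name the same network. The stated requirement for `existing_vpc_subnet_name` is likewise only documented here, not enforced.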
@@ -462,6 +510,39 @@ variable "anyscale_vpc_public_subnet_cidr" { } } +# Private Subnet +variable "anyscale_vpc_private_subnet_name" { + description = <<-EOT + (Optional) The private subnet name. + + This VPC terraform will only create one private subnet in one region. + Overrides `anyscale_vpc_private_subnet_suffix` if provided. + + ex: + ``` + anyscale_vpc_private_subnet_name = "anyscale-private-subnet" + ``` + EOT + type = string + default = null +} + +variable "anyscale_vpc_private_subnet_suffix" { + description = <<-EOT + (Optional) The private subnet suffix. + + Prepended with the VPC name and region to create a unique private subnet name. + Overriden by `anyscale_vpc_private_subnet_name`. + + ex: + ``` + anyscale_vpc_private_subnet_suffix = "private" + ``` + EOT + type = string + default = "private" +} + variable "anyscale_vpc_private_subnet_cidr" { description = <<-EOT (Optional) The private subnet to create. 
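Review bot: The description of `anyscale_vpc_private_subnet_suffix` misspells a word: `Overriden by` should read `Overridden by`, as the public and proxy variants added in the same file already do. If the README input tables are generated from these descriptions, the typo is likely to be copied there as well.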
@@ -501,6 +582,41 @@ variable "anyscale_vpc_private_subnet_cidr" { } } +# Proxy Subnet +variable "anyscale_vpc_proxy_subnet_name" { + description = <<-EOT + (Optional) The proxy subnet name. + + Overrides `anyscale_vpc_proxy_subnet_suffix` if provided. + + This VPC terraform will only create one proxy subnet in one region. Proxy-Only subnets are used for Google Cloud Load Balancers. + More information can be found in the [Google Cloud Load Balancer Documentation](https://cloud.google.com/load-balancing/docs/proxy-only-subnets). + + ex: + ``` + anyscale_vpc_proxy_subnet_name = "anyscale-proxy-subnet" + ``` + EOT + type = string + default = null + +} +variable "anyscale_vpc_proxy_subnet_suffix" { + description = <<-EOT + (Optional) The proxy subnet suffix. + + Prepended with the VPC name and region to create a unique proxy subnet name. + Overridden by `anyscale_vpc_proxy_subnet_name`. + + ex: + ``` + anyscale_vpc_proxy_subnet_suffix = "proxy" + ``` + EOT + type = string + default = "proxy" +} + variable "anyscale_vpc_proxy_subnet_cidr" { description = <<-EOT (Optional) The proxy subnet to create. diff --git a/versions.tf b/versions.tf index 9b2c7f0..970d145 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.0" + version = "~> 5.0" } random = {