Commit

Merge pull request #19 from caetano-colin/chore/update-terraform-docs
chore: update all terraform docs
sleighton2022 authored Apr 30, 2024
2 parents f423ad6 + c757865 commit 02a16a1
Showing 39 changed files with 538 additions and 190 deletions.
5 changes: 4 additions & 1 deletion 1-org/envs/shared/README.md
Expand Up @@ -17,11 +17,13 @@
| essential\_contacts\_language | Essential Contacts preferred language for notifications, as a ISO 639-1 language code. See [Supported languages](https://cloud.google.com/resource-manager/docs/managing-notification-contacts#supported-languages) for a list of supported languages. | `string` | `"en"` | no |
| gcp\_groups | Groups to grant specific roles in the Organization.<br> platform\_viewer: Google Workspace or Cloud Identity group that have the ability to view resource information across the Google Cloud organization.<br> security\_reviewer: Google Workspace or Cloud Identity group that members are part of the security team responsible for reviewing cloud security<br> network\_viewer: Google Workspace or Cloud Identity group that members are part of the networking team and review network configurations.<br> scc\_admin: Google Workspace or Cloud Identity group that can administer Security Command Center.<br> audit\_viewer: Google Workspace or Cloud Identity group that members are part of an audit team and view audit logs in the logging project.<br> global\_secrets\_admin: Google Workspace or Cloud Identity group that members are responsible for putting secrets into Secrets Manage | <pre>object({<br> platform_viewer = optional(string, null)<br> security_reviewer = optional(string, null)<br> network_viewer = optional(string, null)<br> scc_admin = optional(string, null)<br> audit_viewer = optional(string, null)<br> global_secrets_admin = optional(string, null)<br> })</pre> | `{}` | no |
| gcp\_user | Users to grant specific roles in the Organization.<br> org\_admin: Identity that has organization administrator permissions.<br> billing\_creator: Identity that can create billing accounts.<br> billing\_admin: Identity that has billing administrator permissions. | <pre>object({<br> org_admin = optional(string, null)<br> billing_creator = optional(string, null)<br> billing_admin = optional(string, null)<br> })</pre> | `{}` | no |
| keyring\_name | Name to be used for KMS Keyring | `string` | `"sample-keyring"` | no |
| keyring\_regions | Regions to create keyrings in | `list(string)` | <pre>[<br> "us-central1",<br> "us-east4"<br>]</pre> | no |
| log\_export\_storage\_force\_destroy | (Optional) If set to true, delete all contents when destroying the resource; otherwise, destroying the resource will fail if contents are present. | `bool` | `false` | no |
| log\_export\_storage\_location | The location of the storage bucket used to export logs. | `string` | `"US"` | no |
| log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br> is_locked = bool<br> retention_period_days = number<br> })</pre> | `null` | no |
| log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> dns_hub_budget_amount = optional(number, 1000)<br> dns_hub_alert_spent_percents = optional(list(number), [1.2])<br> dns_hub_alert_pubsub_topic = optional(string, null)<br> dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> interconnect_budget_amount = optional(number, 1000)<br> interconnect_alert_spent_percents = optional(list(number), [1.2])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_kms_budget_amount = optional(number, 1000)<br> org_kms_alert_spent_percents = optional(list(number), [1.2])<br> org_kms_alert_pubsub_topic = optional(string, null)<br> org_kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_secrets_budget_amount = optional(number, 1000)<br> org_secrets_alert_spent_percents = 
optional(list(number), [1.2])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_billing_logs_budget_amount = optional(number, 1000)<br> org_billing_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_billing_logs_alert_pubsub_topic = optional(string, null)<br> org_billing_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [1.2])<br> scc_notifications_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [1.2])<br> base_network_alert_pubsub_topic = optional(string, null)<br> base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [1.2])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> dns_hub_budget_amount = optional(number, 1000)<br> dns_hub_alert_spent_percents = optional(list(number), [1.2])<br> dns_hub_alert_pubsub_topic = optional(string, null)<br> dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> interconnect_budget_amount = optional(number, 1000)<br> interconnect_alert_spent_percents = optional(list(number), [1.2])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_kms_budget_amount = optional(number, 1000)<br> org_kms_alert_spent_percents = optional(list(number), [1.2])<br> org_kms_alert_pubsub_topic = optional(string, null)<br> org_kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_secrets_budget_amount = optional(number, 1000)<br> org_secrets_alert_spent_percents = 
optional(list(number), [1.2])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_billing_logs_budget_amount = optional(number, 1000)<br> org_billing_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_billing_logs_alert_pubsub_topic = optional(string, null)<br> org_billing_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [1.2])<br> scc_notifications_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [1.2])<br> base_network_alert_pubsub_topic = optional(string, null)<br> base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [1.2])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> artifacts_budget_amount = optional(number, 1000)<br> artifacts_alert_spent_percents = optional(list(number), [1.2])<br> artifacts_alert_pubsub_topic = optional(string, null)<br> artifacts_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> service_catalog_budget_amount = optional(number, 1000)<br> service_catalog_alert_spent_percents = optional(list(number), [1.2])<br> 
service_catalog_alert_pubsub_topic = optional(string, null)<br> service_catalog_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
| scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe <scc_notification_name> --organization=org_id` to check if it already exists. | `string` | n/a | yes |
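Review bot: The new `keyring_name` row documents a default of `"sample-keyring"` with Required = no, so a deployment that never sets it gets key rings literally named sample-keyring in both default `keyring_regions` (us-central1 and us-east4). Cloud KMS key rings cannot be deleted or renamed after creation, so I would either drop the default and make the variable required or replace it with a name that reflects the organization, and have the description say which project the key rings are created in. Separately, the `project_budget` description still lists unprefixed keys (`budget_amount`, `alert_spend_basis`) while the object, including the new `artifacts_*` and `service_catalog_*` entries, uses names such as `artifacts_budget_alert_spend_basis`; the description should show the real key pattern.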
Expand All @@ -41,6 +43,7 @@
| domains\_to\_allow | The list of domains to allow users from in IAM. |
| interconnect\_project\_id | The Dedicated Interconnect project ID |
| interconnect\_project\_number | The Dedicated Interconnect project number |
| key\_rings | Keyring Names created |
| logs\_export\_logbucket\_linked\_dataset\_name | The resource name of the Log Bucket linked BigQuery dataset created for Log Analytics. See https://cloud.google.com/logging/docs/log-analytics . |
| logs\_export\_logbucket\_name | The log bucket for destination of log exports. See https://cloud.google.com/logging/docs/routing/overview#buckets . |
| logs\_export\_pubsub\_topic | The Pub/Sub topic for destination of log exports |
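Review bot: The added `key_rings` row says only "Keyring Names created", which does not tell a consumer of this output whether the values are short names or full resource paths, or how they relate to the `keyring_name` and `keyring_regions` inputs documented in the same README. Suggest a description that states the value's type and format and that one key ring is expected per region, and that ends with a period like the neighbouring `interconnect_*` and `logs_export_*` rows mostly do.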
Expand Down
9 changes: 5 additions & 4 deletions 2-environments/envs/development/README.md
Expand Up @@ -13,11 +13,12 @@
|------|-------------|
| env\_folder | Environment folder created under parent. |
| env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). |
| env\_secrets\_project\_id | Project for environment related secrets. |
| monitoring\_project\_id | Project for monitoring infra. |
| key\_rings | Keyring Names created |
| env\_kms\_project\_number | Project Number for environment Cloud Key Management Service (KMS). |
| env\_log\_bucket\_name | Name of environment log bucket |
| env\_log\_project\_id | Project ID of the environments log project |
| env\_log\_project\_number | Project Number of the environments log project |
| env\_log\_bucket\_name | Name of environment log bucket |
| env\_secrets\_project\_id | Project for environment related secrets. |
| key\_rings | Keyring Names created |
| monitoring\_project\_id | Project for monitoring infra. |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
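Review bot: Description wording in this outputs table is inconsistent: `env_log_bucket_name`, `env_log_project_id`, `env_log_project_number` and `key_rings` have no trailing period while the `env_kms_*`, `env_secrets_project_id` and `monitoring_project_id` rows do, and "environments log project" should read "environment's log project". Because the table sits above the END OF PRE-COMMIT-TERRAFORM DOCS HOOK marker and is generated, fix the `description` strings on the Terraform outputs and regenerate rather than editing this README by hand.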
9 changes: 5 additions & 4 deletions 2-environments/envs/non-production/README.md
Expand Up @@ -13,11 +13,12 @@
|------|-------------|
| env\_folder | Environment folder created under parent. |
| env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). |
| env\_secrets\_project\_id | Project for environment related secrets. |
| monitoring\_project\_id | Project for monitoring infra. |
| key\_rings | Keyring Names created |
| env\_kms\_project\_number | Project Number for environment Cloud Key Management Service (KMS). |
| env\_log\_bucket\_name | Name of environment log bucket |
| env\_log\_project\_id | Project ID of the environments log project |
| env\_log\_project\_number | Project Number of the environments log project |
| env\_log\_bucket\_name | Name of environment log bucket |
| env\_secrets\_project\_id | Project for environment related secrets. |
| key\_rings | Keyring Names created |
| monitoring\_project\_id | Project for monitoring infra. |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
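Review bot: `key_rings` in this table carries the same text ("Keyring Names created") as the organization-level output in 1-org/envs/shared/README.md, so a reader cannot tell environment key rings from the organization ones or see which project holds them. Suggest the description name the environment scope and say whether the key rings live in the project reported by `env_kms_project_id`, which is listed two rows above the first `key_rings` entry.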
11 changes: 7 additions & 4 deletions 2-environments/envs/production/README.md
Expand Up @@ -11,13 +11,16 @@

| Name | Description |
|------|-------------|
| assured\_workload\_id | Assured Workload ID. |
| assured\_workload\_resources | Resources associated with the Assured Workload. |
| env\_folder | Environment folder created under parent. |
| env\_kms\_project\_id | Project for environment Cloud Key Management Service (KMS). |
| env\_secrets\_project\_id | Project for environment related secrets. |
| monitoring\_project\_id | Project for monitoring infra. |
| key\_rings | Keyring Names created |
| env\_kms\_project\_number | Project Number for environment Cloud Key Management Service (KMS). |
| env\_log\_bucket\_name | Name of environment log bucket |
| env\_log\_project\_id | Project ID of the environments log project |
| env\_log\_project\_number | Project Number of the environments log project |
| env\_log\_bucket\_name | Name of environment log bucket |
| env\_secrets\_project\_id | Project for environment related secrets. |
| key\_rings | Keyring Names created |
| monitoring\_project\_id | Project for monitoring infra. |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
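Review bot: The `assured_workload_id` and `assured_workload_resources` rows at the top of this table appear only in the production README, and their descriptions do not say what shape `assured_workload_resources` has or what either output returns when no Assured Workload is created. Suggest documenting the value type (for example a list of resource IDs with their types) and the empty or null case, so downstream stages that read these outputs know what to handle.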