diff --git a/Makefile b/Makefile index 406cd45..7652163 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.8.0 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd diff --git a/README.md b/README.md index 3db9785..85cace3 100644 --- a/README.md +++ b/README.md @@ -71,8 +71,10 @@ destinations (Cloud Pub/Sub, BigQuery, Cloud Monitoring). The infrastructure is shared by all SLOs and a Pub/Sub topic created as input stream for SLO reports. ### Compatibility - -This module is meant for use with Terraform 0.12. +This module is meant for use with Terraform 0.13. If you haven't +[upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform +0.12.x-compatible version of this module, the last released version +intended for Terraform 0.12.x is [v1.0.2](https://registry.terraform.io/modules/terraform-google-modules/-slo/google/v1.0.2). ### Usage diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 6b713d5..b3bf477 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -38,4 +38,4 @@ tags: - 'integration' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.8.0' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13' diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index 934c3fe..7c1aecb 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml @@ -21,4 +21,4 @@ tags: - 'lint' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.8.0' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13' diff --git a/examples/native/simple_example/README.md b/examples/native/simple_example/README.md index ea6626f..7199efb 100644 --- a/examples/native/simple_example/README.md +++ b/examples/native/simple_example/README.md @@ -18,9 +18,13 @@ To run this example, you'll need: ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| app\_engine\_project\_id | App Engine project id | string | n/a | yes | -| project\_id | Project id | string | n/a | yes | +|------|-------------|------|---------|:--------:| +| app\_engine\_project\_id | App Engine project id | `any` | n/a | yes | +| project\_id | Project id | `any` | n/a | yes | + +## Outputs + +No output. diff --git a/examples/native/yaml_example/README.md b/examples/native/yaml_example/README.md index 5596893..a1f92b4 100644 --- a/examples/native/yaml_example/README.md +++ b/examples/native/yaml_example/README.md @@ -21,20 +21,20 @@ To run this example, you'll need: ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| app\_engine\_project\_id | App Engine project id | string | n/a | yes | -| project\_id | Project id | string | n/a | yes | +|------|-------------|------|---------|:--------:| +| app\_engine\_project\_id | App Engine project id | `any` | n/a | yes | +| project\_id | Project id | `any` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| slo-cass-latency5ms-window | | -| slo-gae-latency500ms | | -| slo-gcp-latency400ms | | -| slo-gcp-latency500ms-window | | -| slo-uptime-latency500ms | | -| slo-uptime-pass | | +| slo-cass-latency5ms-window | n/a | +| slo-gae-latency500ms | n/a | +| slo-gcp-latency400ms | n/a | +| slo-gcp-latency500ms-window | n/a | +| slo-uptime-latency500ms | n/a | +| slo-uptime-pass | n/a | diff --git a/examples/slo-generator/simple_example/README.md b/examples/slo-generator/simple_example/README.md index 1e4b2bb..8d5c628 100644 --- a/examples/slo-generator/simple_example/README.md +++ b/examples/slo-generator/simple_example/README.md @@ -19,13 +19,12 @@ To run this example, you'll need: ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| bq\_location | Location of BQ dataset | string | `"US"` | no | -| labels | Project labels | map | `` | no | -| project\_id | Project id | string | n/a | yes | -| region | Region | string | `"us-east1"` | no | -| schedule | Cron-like Cloud Scheduler schedule | string | `"* * * * */1"` | no | -| stackdriver\_host\_project\_id | Stackdriver host project id | string | n/a | yes | +|------|-------------|------|---------|:--------:| +| labels | Project labels | `map` | `{}` | no | +| project\_id | Project id | `string` | n/a | yes | +| region | Region | `string` | `"us-east1"` | no | +| schedule | Cron-like Cloud Scheduler schedule | `string` | `"* * * * */1"` | no | +| stackdriver\_host\_project\_id | Stackdriver host project id | `any` | n/a | yes | ## Outputs diff --git a/examples/slo-generator/yaml_example/README.md b/examples/slo-generator/yaml_example/README.md index 511322f..eccc7bd 100644 --- a/examples/slo-generator/yaml_example/README.md +++ b/examples/slo-generator/yaml_example/README.md @@ -19,22 +19,21 @@ To run this example, you'll need: ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| bucket\_location | Bucket name for SLO configs and GCF code zips | string | `"US"` | no | -| bucket\_name | Bucket name for SLO configs and GCF code zips | string | n/a | yes | -| labels | Project labels | map | `` | no | -| project\_id | Project id | string | n/a | yes | -| region | Region | string | `"us-east1"` | no | -| schedule | Cron-like Cloud Scheduler schedule | string | `"* * * * */1"` | no | -| stackdriver\_host\_project\_id | Stackdriver host project id | string | n/a | yes | +|------|-------------|------|---------|:--------:| +| bucket\_name | Bucket name for SLO configs and GCF code zips | `any` | n/a | yes | +| labels | Project labels | `map` | `{}` | no | +| project\_id | Project id | `string` | n/a | yes | +| region | Region | `string` | `"us-east1"` | no | +| schedule | Cron-like Cloud Scheduler schedule | `string` | `"* * * * */1"` | no | +| stackdriver\_host\_project\_id | Stackdriver host project id | `any` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| slo-generator-bq-latency | | -| slo-generator-gcf-errors | | -| slo-generator-pubsub-ack | | +| slo-generator-bq-latency | n/a | +| slo-generator-gcf-errors | n/a | +| slo-generator-pubsub-ack | n/a | | slo\_pipeline | SLO pipeline outputs | diff --git a/modules/slo-pipeline/README.md b/modules/slo-pipeline/README.md index 48bc9cb..28595ca 100644 --- a/modules/slo-pipeline/README.md +++ b/modules/slo-pipeline/README.md @@ -42,30 +42,30 @@ See the [fixture project](../../test/setup/main.tf) for an example to create thi ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| dataset\_create | Whether to create the BigQuery dataset | bool | `"true"` | no | -| dataset\_default\_table\_expiration\_ms | The default lifetime of the slo table in the dataset, in milliseconds. Default is never (Recommended) | number | `"-1"` | no | -| exporters | SLO export destinations config | any | n/a | yes | -| extra\_files | Extra files to add to the Google Cloud Function code | object | `` | no | -| function\_bucket\_name | Name of the bucket to create to store the Cloud Function code | string | `"slo-pipeline"` | no | -| function\_environment\_variables | Cloud Function environment variables | map | `` | no | -| function\_memory | Memory in MB for the Cloud Function (increases with no. of SLOs) | string | `"128"` | no | -| function\_name | Cloud Function name | string | `"slo-pipeline"` | no | -| function\_source\_directory | The contents of this directory will be archived and used as the function source. (defaults to standard SLO generator code) | string | `""` | no | -| function\_timeout | Timeout (in seconds) | string | `"90"` | no | -| grant\_iam\_roles | Grant IAM roles to created service accounts | string | `"true"` | no | -| labels | Labels to apply to all resources created | map | `` | no | -| project\_id | Project id to create SLO infrastructure | string | n/a | yes | -| pubsub\_topic\_name | Pub/Sub topic name | string | `"slo-export-topic"` | no | -| region | Region for the App Engine app | string | `"us-east1"` | no | -| service\_account\_email | Service account email (optional) | string | `""` | no | -| service\_account\_name | Name of the service account to create | string | `"slo-pipeline"` | no | -| slo\_generator\_version | SLO generator library version | string | `"1.4.0"` | no | -| storage\_bucket\_class | The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE | string | `"STANDARD"` | no | -| storage\_bucket\_location | The GCS location | string | `"US"` | no | -| use\_custom\_service\_account | Use a custom service account (pass service_account_email if true) | bool | `"false"` | no | -| vpc\_connector | VPC Connector. The format of this field is projects/*/locations/*/connectors/*. | string | `"null"` | no | -| vpc\_connector\_egress\_settings | VPC Connector Egress Settings. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. | string | `"null"` | no | +|------|-------------|------|---------|:--------:| +| dataset\_create | Whether to create the BigQuery dataset | `bool` | `true` | no | +| dataset\_default\_table\_expiration\_ms | The default lifetime of the slo table in the dataset, in milliseconds. Default is never (Recommended) | `number` | `-1` | no | +| exporters | SLO export destinations config | `any` | n/a | yes | +| extra\_files | Extra files to add to the Google Cloud Function code | 
list(object({
    content  = string,
    filename = string
  }))
| `[]` | no | +| function\_bucket\_name | Name of the bucket to create to store the Cloud Function code | `string` | `"slo-pipeline"` | no | +| function\_environment\_variables | Cloud Function environment variables | `map` | `{}` | no | +| function\_memory | Memory in MB for the Cloud Function (increases with no. of SLOs) | `number` | `128` | no | +| function\_name | Cloud Function name | `string` | `"slo-pipeline"` | no | +| function\_source\_directory | The contents of this directory will be archived and used as the function source. (defaults to standard SLO generator code) | `string` | `""` | no | +| function\_timeout | Timeout (in seconds) | `string` | `"90"` | no | +| grant\_iam\_roles | Grant IAM roles to created service accounts | `bool` | `true` | no | +| labels | Labels to apply to all resources created | `map` | `{}` | no | +| project\_id | Project id to create SLO infrastructure | `any` | n/a | yes | +| pubsub\_topic\_name | Pub/Sub topic name | `string` | `"slo-export-topic"` | no | +| region | Region for the App Engine app | `string` | `"us-east1"` | no | +| service\_account\_email | Service account email (optional) | `string` | `""` | no | +| service\_account\_name | Name of the service account to create | `string` | `"slo-pipeline"` | no | +| slo\_generator\_version | SLO generator library version | `string` | `"1.4.0"` | no | +| storage\_bucket\_class | The Storage Class of the new bucket. Supported values include: STANDARD, MULTI\_REGIONAL, REGIONAL, NEARLINE, COLDLINE | `string` | `"STANDARD"` | no | +| storage\_bucket\_location | The GCS location | `string` | `"US"` | no | +| use\_custom\_service\_account | Use a custom service account (pass service\_account\_email if true) | `bool` | `false` | no | +| vpc\_connector | VPC Connector. The format of this field is projects/\*/locations/\*/connectors/\*. | `any` | `null` | no | +| vpc\_connector\_egress\_settings | VPC Connector Egress Settings. Allowed values are ALL\_TRAFFIC and PRIVATE\_RANGES\_ONLY. | `any` | `null` | no | ## Outputs diff --git a/modules/slo-pipeline/versions.tf b/modules/slo-pipeline/versions.tf index 832ec1d..910786e 100644 --- a/modules/slo-pipeline/versions.tf +++ b/modules/slo-pipeline/versions.tf @@ -1,5 +1,5 @@ /** - * Copyright 2018 Google LLC + * Copyright 2021 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,5 +15,17 @@ */ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + + google = { + source = "hashicorp/google" + version = "~> 3.53" + } + } + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-slo:slo-pipeline/v1.0.0" + } + } diff --git a/modules/slo/README.md b/modules/slo/README.md index 099982b..0a15c33 100644 --- a/modules/slo/README.md +++ b/modules/slo/README.md @@ -45,33 +45,33 @@ See the [fixture project](../../test/setup/main.tf) for an example to create thi ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| bucket\_force\_destroy | When deleting the GCS bucket containing the cloud function, delete all objects in the bucket first. | string | `"true"` | no | -| config | SLO Configuration | object | n/a | yes | -| config\_bucket | SLO generator GCS bucket to store configs and GCF code. | string | `""` | no | -| config\_bucket\_region | Config bucket region | string | `"EU"` | no | -| error\_budget\_policy | Error budget policy config | object | `` | no | -| extra\_files | Extra files to add to the Google Cloud Function code | object | `` | no | -| function\_environment\_variables | Cloud Function environment variables. | map(string) | `` | no | -| function\_labels | A set of key/value label pairs to assign to the function. | map(string) | `` | no | -| function\_memory | Memory in MB for the Cloud Function (increases with no. of SLOs) | string | `"128"` | no | -| function\_name | Cloud Function name. Defaults to slo-{service}-{feature}-{slo} | string | `""` | no | -| function\_source\_archive\_bucket\_labels | A set of key/value label pairs to assign to the function source archive bucket. | map(string) | `` | no | -| function\_source\_directory | The contents of this directory will be archived and used as the function source. (defaults to standard SLO generator code) | string | `""` | no | -| function\_timeout | The amount of time in seconds allotted for the execution of the function. | number | `"60"` | no | -| grant\_iam\_roles | Grant IAM roles to created service accounts | string | `"true"` | no | -| labels | Labels to apply to all resources created | map | `` | no | -| message\_data | The data to send in the topic message. | string | `"dGVzdA=="` | no | -| project\_id | SLO project id | string | n/a | yes | -| region | Region to deploy the Cloud Function in | string | `"us-east1"` | no | -| schedule | Cron-like schedule for Cloud Scheduler | string | `"* * * * */1"` | no | -| service\_account\_email | Service account email (optional) | string | `""` | no | -| service\_account\_name | Service account name (in case the generated one is too long) | string | `""` | no | -| slo\_generator\_version | SLO generator library version | string | `"1.4.0"` | no | -| time\_zone | The timezone to use in scheduler | string | `"Etc/UTC"` | no | -| use\_custom\_service\_account | Use a custom service account (pass service_account_email if true) | bool | `"false"` | no | -| vpc\_connector | VPC Connector. The format of this field is projects/*/locations/*/connectors/*. | string | `"null"` | no | -| vpc\_connector\_egress\_settings | VPC Connector Egress Settings. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. | string | `"null"` | no | +|------|-------------|------|---------|:--------:| +| bucket\_force\_destroy | When deleting the GCS bucket containing the cloud function, delete all objects in the bucket first. | `string` | `"true"` | no | +| config | SLO Configuration | 
object({
    slo_name        = string
    slo_target      = number
    slo_description = string
    service_name    = string
    feature_name    = string
    metadata        = map(string)
    backend         = any
    exporters       = any
  })
| n/a | yes | +| config\_bucket | SLO generator GCS bucket to store configs and GCF code. | `string` | `""` | no | +| config\_bucket\_region | Config bucket region | `string` | `"EU"` | no | +| error\_budget\_policy | Error budget policy config | 
list(object({
    error_budget_policy_step_name  = string
    measurement_window_seconds     = number
    alerting_burn_rate_threshold   = number
    urgent_notification            = bool
    overburned_consequence_message = string
    achieved_consequence_message   = string
  }))
| 
[
  {
    "achieved_consequence_message": "Last hour on track",
    "alerting_burn_rate_threshold": 9,
    "error_budget_policy_step_name": "a.Last 1 hour",
    "measurement_window_seconds": 3600,
    "overburned_consequence_message": "Page the SRE team to defend the SLO",
    "urgent_notification": true
  },
  {
    "achieved_consequence_message": "Last 12 hours on track",
    "alerting_burn_rate_threshold": 3,
    "error_budget_policy_step_name": "b.Last 12 hours",
    "measurement_window_seconds": 43200,
    "overburned_consequence_message": "Page the SRE team to defend the SLO",
    "urgent_notification": true
  },
  {
    "achieved_consequence_message": "Last week on track",
    "alerting_burn_rate_threshold": 1.5,
    "error_budget_policy_step_name": "c.Last 7 days",
    "measurement_window_seconds": 604800,
    "overburned_consequence_message": "Dev team dedicates two Engineers to the action items of the post-mortem",
    "urgent_notification": false
  },
  {
    "achieved_consequence_message": "Unfreeze release, per the agreed roll-out policy",
    "alerting_burn_rate_threshold": 1,
    "error_budget_policy_step_name": "d.Last 28 days",
    "measurement_window_seconds": 2419200,
    "overburned_consequence_message": "Freeze release, unless related to reliability or security",
    "urgent_notification": false
  }
]
| no | +| extra\_files | Extra files to add to the Google Cloud Function code | 
list(object({
    content  = string,
    filename = string
  }))
| `[]` | no | +| function\_environment\_variables | Cloud Function environment variables. | `map(string)` | `{}` | no | +| function\_labels | A set of key/value label pairs to assign to the function. | `map(string)` | `{}` | no | +| function\_memory | Memory in MB for the Cloud Function (increases with no. of SLOs) | `number` | `128` | no | +| function\_name | Cloud Function name. Defaults to slo-{service}-{feature}-{slo} | `string` | `""` | no | +| function\_source\_archive\_bucket\_labels | A set of key/value label pairs to assign to the function source archive bucket. | `map(string)` | `{}` | no | +| function\_source\_directory | The contents of this directory will be archived and used as the function source. (defaults to standard SLO generator code) | `string` | `""` | no | +| function\_timeout | The amount of time in seconds allotted for the execution of the function. | `number` | `60` | no | +| grant\_iam\_roles | Grant IAM roles to created service accounts | `bool` | `true` | no | +| labels | Labels to apply to all resources created | `map` | `{}` | no | +| message\_data | The data to send in the topic message. | `string` | `"dGVzdA=="` | no | +| project\_id | SLO project id | `any` | n/a | yes | +| region | Region to deploy the Cloud Function in | `string` | `"us-east1"` | no | +| schedule | Cron-like schedule for Cloud Scheduler | `string` | `"* * * * */1"` | no | +| service\_account\_email | Service account email (optional) | `string` | `""` | no | +| service\_account\_name | Service account name (in case the generated one is too long) | `string` | `""` | no | +| slo\_generator\_version | SLO generator library version | `string` | `"1.4.0"` | no | +| time\_zone | The timezone to use in scheduler | `string` | `"Etc/UTC"` | no | +| use\_custom\_service\_account | Use a custom service account (pass service\_account\_email if true) | `bool` | `false` | no | +| vpc\_connector | VPC Connector. The format of this field is projects/\*/locations/\*/connectors/\*. | `any` | `null` | no | +| vpc\_connector\_egress\_settings | VPC Connector Egress Settings. Allowed values are ALL\_TRAFFIC and PRIVATE\_RANGES\_ONLY. | `any` | `null` | no | ## Outputs diff --git a/modules/slo/versions.tf b/modules/slo/versions.tf index 832ec1d..f626c17 100644 --- a/modules/slo/versions.tf +++ b/modules/slo/versions.tf @@ -1,5 +1,5 @@ /** - * Copyright 2018 Google LLC + * Copyright 2021 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,5 +15,17 @@ */ terraform { - required_version = ">= 0.12" + required_version = ">= 0.13" + required_providers { + + google = { + source = "hashicorp/google" + version = "~> 3.53" + } + } + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-slo:slo/v1.0.0" + } + } diff --git a/test/integration/simple_example/controls/gcp.rb b/test/integration/simple_example/controls/gcp.rb index b434e8d..274d153 100644 --- a/test/integration/simple_example/controls/gcp.rb +++ b/test/integration/simple_example/controls/gcp.rb @@ -17,7 +17,7 @@ control "gcp" do title "GCP Resources" - describe google_storage_bucket(name: slo_pipeline["function_bucket_name"]) do + describe google_storage_bucket(name: slo_pipeline[:function_bucket_name]) do it { should exist } end end diff --git a/test/integration/simple_example/inspec.yml b/test/integration/simple_example/inspec.yml index 692c23a..c5bad1f 100644 --- a/test/integration/simple_example/inspec.yml +++ b/test/integration/simple_example/inspec.yml @@ -3,7 +3,7 @@ name: simple_example depends: - name: inspec-gcp git: https://github.com/inspec/inspec-gcp.git - tag: v0.10.0 + tag: v1.8.8 attributes: diff --git a/test/setup/main.tf b/test/setup/main.tf index 6e307f8..118ba55 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -16,16 +16,14 @@ module "project" { source = "terraform-google-modules/project-factory/google" - version = "~> 8.0" + version = "~> 10.2" - name = "ci-slo" - random_project_id = "true" - org_id = var.org_id - folder_id = var.folder_id - billing_account = var.billing_account - skip_gcloud_download = true + name = "ci-slo" + random_project_id = "true" + org_id = var.org_id + folder_id = var.folder_id + billing_account = var.billing_account activate_apis = [ - "appengine.googleapis.com", "bigquery.googleapis.com", "cloudbuild.googleapis.com", "cloudfunctions.googleapis.com", @@ -35,15 +33,15 @@ module "project" { "pubsub.googleapis.com", "iam.googleapis.com", "cloudresourcemanager.googleapis.com", - "serviceusage.googleapis.com" + "serviceusage.googleapis.com", + "appengine.googleapis.com" ] } module "app-engine" { - source = "terraform-google-modules/project-factory/google//modules/app_engine" - version = "~> 3.0" - location_id = var.region - serving_status = "SERVING" - feature_settings = [{ enabled = true }] - project_id = module.project.project_id + source = "terraform-google-modules/project-factory/google//modules/app_engine" + version = "~> 10.2" + location_id = var.region + serving_status = "SERVING" + project_id = module.project.project_id } diff --git a/test/setup/versions.tf b/test/setup/versions.tf index 5084f95..35d6ae4 100644 --- a/test/setup/versions.tf +++ b/test/setup/versions.tf @@ -19,9 +19,9 @@ terraform { } provider "google" { - version = "~> 3.19" + version = "~> 3.53" } provider "google-beta" { - version = "~> 3.19" + version = "~> 3.53" }