From 4c06b3611839f6eceb86ece07ee7ffda8f3d76c9 Mon Sep 17 00:00:00 2001 From: jianglai Date: Wed, 4 Apr 2018 07:36:05 -0700 Subject: [PATCH] Format terraform files For some reason the auto-formatting didn't happen when these files are first checked in. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=191589487 --- .../proxy/terraform/example_config.tf | 11 ++- .../registry/proxy/terraform/modules/dns.tf | 34 ++++----- .../registry/proxy/terraform/modules/gke.tf | 24 +++---- .../proxy/terraform/modules/gke/cluster.tf | 21 +++--- .../proxy/terraform/modules/gke/input.tf | 5 +- .../registry/proxy/terraform/modules/iam.tf | 14 ++-- .../registry/proxy/terraform/modules/input.tf | 5 +- .../registry/proxy/terraform/modules/kms.tf | 9 ++- .../proxy/terraform/modules/networking.tf | 69 +++++++++++-------- 9 files changed, 105 insertions(+), 87 deletions(-) diff --git a/java/google/registry/proxy/terraform/example_config.tf b/java/google/registry/proxy/terraform/example_config.tf index 32b2b458f..898aa0c88 100644 --- a/java/google/registry/proxy/terraform/example_config.tf +++ b/java/google/registry/proxy/terraform/example_config.tf @@ -7,11 +7,11 @@ terraform { } module "proxy" { - source = "../../modules" - proxy_project_name = "YOUR_PROXY_PROJECT" + source = "../../modules" + proxy_project_name = "YOUR_PROXY_PROJECT" nomulus_project_name = "YOUR_NOMULUS_GPROJECT" - gcr_project_name = "YOUR_GCR_PROJECT" - proxy_domain_name = "YOUR_PROXY_DOMAIN" + gcr_project_name = "YOUR_GCR_PROJECT" + proxy_domain_name = "YOUR_PROXY_DOMAIN" } output "proxy_service_account_client_id" { @@ -28,8 +28,7 @@ output "proxy_instance_groups" { output "proxy_ip_addresses" { value = { - ipv4 = "${module.proxy.proxy_ipv4_address}", + ipv4 = "${module.proxy.proxy_ipv4_address}" ipv6 = "${module.proxy.proxy_ipv6_address}" } } - diff --git a/java/google/registry/proxy/terraform/modules/dns.tf b/java/google/registry/proxy/terraform/modules/dns.tf index f63b5abc0..a59badbca 100644 --- a/java/google/registry/proxy/terraform/modules/dns.tf +++ b/java/google/registry/proxy/terraform/modules/dns.tf @@ -1,36 +1,36 @@ resource "google_dns_managed_zone" "proxy_domain" { - name = "proxy-domain" + name = "proxy-domain" dns_name = "${var.proxy_domain_name}." } resource "google_dns_record_set" "proxy_epp_a_record" { - name = "epp.${google_dns_managed_zone.proxy_domain.dns_name}" - type = "A" - ttl = 300 + name = "epp.${google_dns_managed_zone.proxy_domain.dns_name}" + type = "A" + ttl = 300 managed_zone = "${google_dns_managed_zone.proxy_domain.name}" - rrdatas = ["${google_compute_global_address.proxy_ipv4_address.address}"] + rrdatas = ["${google_compute_global_address.proxy_ipv4_address.address}"] } resource "google_dns_record_set" "proxy_epp_aaaa_record" { - name = "epp.${google_dns_managed_zone.proxy_domain.dns_name}" - type = "AAAA" - ttl = 300 + name = "epp.${google_dns_managed_zone.proxy_domain.dns_name}" + type = "AAAA" + ttl = 300 managed_zone = "${google_dns_managed_zone.proxy_domain.name}" - rrdatas = ["${google_compute_global_address.proxy_ipv6_address.address}"] + rrdatas = ["${google_compute_global_address.proxy_ipv6_address.address}"] } resource "google_dns_record_set" "proxy_whois_a_record" { - name = "whois.${google_dns_managed_zone.proxy_domain.dns_name}" - type = "A" - ttl = 300 + name = "whois.${google_dns_managed_zone.proxy_domain.dns_name}" + type = "A" + ttl = 300 managed_zone = "${google_dns_managed_zone.proxy_domain.name}" - rrdatas = ["${google_compute_global_address.proxy_ipv4_address.address}"] + rrdatas = ["${google_compute_global_address.proxy_ipv4_address.address}"] } resource "google_dns_record_set" "proxy_whois_aaaa_record" { - name = "whois.${google_dns_managed_zone.proxy_domain.dns_name}" - type = "AAAA" - ttl = 300 + name = "whois.${google_dns_managed_zone.proxy_domain.dns_name}" + type = "AAAA" + ttl = 300 managed_zone = "${google_dns_managed_zone.proxy_domain.name}" - rrdatas = ["${google_compute_global_address.proxy_ipv6_address.address}"] + rrdatas = ["${google_compute_global_address.proxy_ipv6_address.address}"] } diff --git a/java/google/registry/proxy/terraform/modules/gke.tf b/java/google/registry/proxy/terraform/modules/gke.tf index a0664c94b..787bdbb74 100644 --- a/java/google/registry/proxy/terraform/modules/gke.tf +++ b/java/google/registry/proxy/terraform/modules/gke.tf @@ -1,29 +1,29 @@ module "proxy_gke_americas" { - source = "./gke" - proxy_cluster_region = "americas" + source = "./gke" + proxy_cluster_region = "americas" proxy_service_account_email = "${google_service_account.proxy_service_account.email}" - proxy_ports = "${var.proxy_ports}" + proxy_ports = "${var.proxy_ports}" } module "proxy_gke_emea" { - source = "./gke" - proxy_cluster_region = "emea" + source = "./gke" + proxy_cluster_region = "emea" proxy_service_account_email = "${google_service_account.proxy_service_account.email}" - proxy_ports = "${var.proxy_ports}" + proxy_ports = "${var.proxy_ports}" } module "proxy_gke_apac" { - source = "./gke" - proxy_cluster_region = "apac" + source = "./gke" + proxy_cluster_region = "apac" proxy_service_account_email = "${google_service_account.proxy_service_account.email}" - proxy_ports = "${var.proxy_ports}" + proxy_ports = "${var.proxy_ports}" } locals { "proxy_instance_groups" = { - americas = "${module.proxy_gke_americas.proxy_instance_group}", - emea = "${module.proxy_gke_emea.proxy_instance_group}", - apac = "${module.proxy_gke_apac.proxy_instance_group}", + americas = "${module.proxy_gke_americas.proxy_instance_group}" + emea = "${module.proxy_gke_emea.proxy_instance_group}" + apac = "${module.proxy_gke_apac.proxy_instance_group}" } } diff --git a/java/google/registry/proxy/terraform/modules/gke/cluster.tf b/java/google/registry/proxy/terraform/modules/gke/cluster.tf index a8fa6022d..e325bdad6 100644 --- a/java/google/registry/proxy/terraform/modules/gke/cluster.tf +++ b/java/google/registry/proxy/terraform/modules/gke/cluster.tf @@ -7,31 +7,36 @@ data "google_container_engine_versions" "gke_version" { } resource "google_container_cluster" "proxy_cluster" { - name = "proxy-cluster-${var.proxy_cluster_region}" - zone = "${local.proxy_cluster_zone}" - node_version = "${data.google_container_engine_versions.gke_version.latest_node_version}" + name = "proxy-cluster-${var.proxy_cluster_region}" + zone = "${local.proxy_cluster_zone}" + node_version = "${data.google_container_engine_versions.gke_version.latest_node_version}" min_master_version = "${data.google_container_engine_versions.gke_version.latest_master_version}" node_pool { - name = "proxy-node-pool" + name = "proxy-node-pool" initial_node_count = 1 + node_config { tags = [ - "proxy-cluster"] + "proxy-cluster", + ] + service_account = "${var.proxy_service_account_email}" + oauth_scopes = [ "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email" + "https://www.googleapis.com/auth/userinfo.email", ] } + autoscaling { max_node_count = 5 min_node_count = 1 } + management { - auto_repair = true + auto_repair = true auto_upgrade = true } } } - diff --git a/java/google/registry/proxy/terraform/modules/gke/input.tf b/java/google/registry/proxy/terraform/modules/gke/input.tf index 91e2421ce..6482ef14c 100644 --- a/java/google/registry/proxy/terraform/modules/gke/input.tf +++ b/java/google/registry/proxy/terraform/modules/gke/input.tf @@ -4,10 +4,11 @@ variable "proxy_cluster_region" {} variable "proxy_cluster_zones" { type = "map" + default = { americas = "us-east4-a" - emea = "europe-west4-b" - apac = "asia-northeast1-c" + emea = "europe-west4-b" + apac = "asia-northeast1-c" } } diff --git a/java/google/registry/proxy/terraform/modules/iam.tf b/java/google/registry/proxy/terraform/modules/iam.tf index d6b5b7783..aecc487ac 100644 --- a/java/google/registry/proxy/terraform/modules/iam.tf +++ b/java/google/registry/proxy/terraform/modules/iam.tf @@ -1,26 +1,26 @@ resource "google_service_account" "proxy_service_account" { - account_id = "proxy-service-account" + account_id = "proxy-service-account" display_name = "Nomulus proxy service account" } resource "google_project_iam_member" "nomulus_project_viewer" { project = "${var.nomulus_project_name}" - role = "roles/viewer" - member = "serviceAccount:${google_service_account.proxy_service_account.email}" + role = "roles/viewer" + member = "serviceAccount:${google_service_account.proxy_service_account.email}" } resource "google_project_iam_member" "gcr_storage_viewer" { project = "${var.gcr_project_name}" - role = "roles/storage.objectViewer" - member = "serviceAccount:${google_service_account.proxy_service_account.email}" + role = "roles/storage.objectViewer" + member = "serviceAccount:${google_service_account.proxy_service_account.email}" } resource "google_project_iam_member" "metric_writer" { - role = "roles/monitoring.metricWriter" + role = "roles/monitoring.metricWriter" member = "serviceAccount:${google_service_account.proxy_service_account.email}" } resource "google_project_iam_member" "log_writer" { - role = "roles/logging.logWriter" + role = "roles/logging.logWriter" member = "serviceAccount:${google_service_account.proxy_service_account.email}" } diff --git a/java/google/registry/proxy/terraform/modules/input.tf b/java/google/registry/proxy/terraform/modules/input.tf index 785166787..d1a49f81a 100644 --- a/java/google/registry/proxy/terraform/modules/input.tf +++ b/java/google/registry/proxy/terraform/modules/input.tf @@ -23,9 +23,10 @@ variable "proxy_key" { # Node ports exposed by the proxy. variable "proxy_ports" { type = "map" + default = { health_check = 30000 - whois = 30001 - epp = 30002 + whois = 30001 + epp = 30002 } } diff --git a/java/google/registry/proxy/terraform/modules/kms.tf b/java/google/registry/proxy/terraform/modules/kms.tf index 3e1df5d43..7767ddc45 100644 --- a/java/google/registry/proxy/terraform/modules/kms.tf +++ b/java/google/registry/proxy/terraform/modules/kms.tf @@ -1,16 +1,15 @@ resource "google_kms_key_ring" "proxy_key_ring" { - name = "${var.proxy_key_ring}" + name = "${var.proxy_key_ring}" location = "global" } resource "google_kms_crypto_key" "proxy_key" { - name = "${var.proxy_key}" + name = "${var.proxy_key}" key_ring = "${google_kms_key_ring.proxy_key_ring.id}" } resource "google_kms_crypto_key_iam_member" "ssl_key_decrypter" { crypto_key_id = "${google_kms_crypto_key.proxy_key.id}" - role = "roles/cloudkms.cryptoKeyDecrypter" - member = "serviceAccount:${google_service_account.proxy_service_account.email}" + role = "roles/cloudkms.cryptoKeyDecrypter" + member = "serviceAccount:${google_service_account.proxy_service_account.email}" } - diff --git a/java/google/registry/proxy/terraform/modules/networking.tf b/java/google/registry/proxy/terraform/modules/networking.tf index 2d8f8ee73..55c0d58d5 100644 --- a/java/google/registry/proxy/terraform/modules/networking.tf +++ b/java/google/registry/proxy/terraform/modules/networking.tf @@ -1,31 +1,34 @@ resource "google_compute_global_address" "proxy_ipv4_address" { - name = "proxy-ipv4-address" + name = "proxy-ipv4-address" ip_version = "IPV4" } resource "google_compute_global_address" "proxy_ipv6_address" { - name = "proxy-ipv6-address" + name = "proxy-ipv6-address" ip_version = "IPV6" } resource "google_compute_firewall" "proxy_firewall" { - name = "proxy-firewall" + name = "proxy-firewall" network = "default" allow { protocol = "tcp" + ports = [ "${var.proxy_ports["epp"]}", "${var.proxy_ports["whois"]}", - "${var.proxy_ports["health_check"]}"] + "${var.proxy_ports["health_check"]}", + ] } source_ranges = [ "130.211.0.0/22", - "35.191.0.0/16"] + "35.191.0.0/16", + ] target_tags = [ - "proxy-cluster" + "proxy-cluster", ] } @@ -33,84 +36,94 @@ resource "google_compute_health_check" "proxy_health_check" { name = "proxy-health-check" tcp_health_check { - port = "${var.proxy_ports["health_check"]}" - request = "HEALTH_CHECK_REQUEST" + port = "${var.proxy_ports["health_check"]}" + request = "HEALTH_CHECK_REQUEST" response = "HEALTH_CHECK_RESPONSE" } } resource "google_compute_backend_service" "epp_backend_service" { - name = "epp-backend-service" - protocol = "TCP" + name = "epp-backend-service" + protocol = "TCP" timeout_sec = 3600 - port_name = "epp" + port_name = "epp" + backend { group = "${local.proxy_instance_groups["americas"]}" } + backend { group = "${local.proxy_instance_groups["emea"]}" } + backend { group = "${local.proxy_instance_groups["apac"]}" } + health_checks = [ - "${google_compute_health_check.proxy_health_check.self_link}"] + "${google_compute_health_check.proxy_health_check.self_link}", + ] } resource "google_compute_backend_service" "whois_backend_service" { - name = "whois-backend-service" - protocol = "TCP" + name = "whois-backend-service" + protocol = "TCP" timeout_sec = 60 - port_name = "whois" + port_name = "whois" + backend { group = "${local.proxy_instance_groups["americas"]}" } + backend { group = "${local.proxy_instance_groups["emea"]}" } + backend { group = "${local.proxy_instance_groups["apac"]}" } + health_checks = [ - "${google_compute_health_check.proxy_health_check.self_link}"] + "${google_compute_health_check.proxy_health_check.self_link}", + ] } resource "google_compute_target_tcp_proxy" "epp_tcp_proxy" { - name = "epp-tcp-proxy" - proxy_header = "PROXY_V1" + name = "epp-tcp-proxy" + proxy_header = "PROXY_V1" backend_service = "${google_compute_backend_service.epp_backend_service.self_link}" } resource "google_compute_target_tcp_proxy" "whois_tcp_proxy" { - name = "whois-tcp-proxy" - proxy_header = "PROXY_V1" + name = "whois-tcp-proxy" + proxy_header = "PROXY_V1" backend_service = "${google_compute_backend_service.whois_backend_service.self_link}" } resource "google_compute_global_forwarding_rule" "epp_ipv4_forwarding_rule" { - name = "epp-ipv4-forwarding-rule" + name = "epp-ipv4-forwarding-rule" ip_address = "${google_compute_global_address.proxy_ipv4_address.address}" - target = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}" + target = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}" port_range = "700" } resource "google_compute_global_forwarding_rule" "epp_ipv6_forwarding_rule" { - name = "epp-ipv6-forwarding-rule" + name = "epp-ipv6-forwarding-rule" ip_address = "${google_compute_global_address.proxy_ipv6_address.address}" - target = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}" + target = "${google_compute_target_tcp_proxy.epp_tcp_proxy.self_link}" port_range = "700" } resource "google_compute_global_forwarding_rule" "whois_ipv4_forwarding_rule" { - name = "whois-ipv4-forwarding-rule" + name = "whois-ipv4-forwarding-rule" ip_address = "${google_compute_global_address.proxy_ipv4_address.address}" - target = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}" + target = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}" port_range = "43" } resource "google_compute_global_forwarding_rule" "whois_ipv6_forwarding_rule" { - name = "whois-ipv6-forwarding-rule" + name = "whois-ipv6-forwarding-rule" ip_address = "${google_compute_global_address.proxy_ipv6_address.address}" - target = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}" + target = "${google_compute_target_tcp_proxy.whois_tcp_proxy.self_link}" port_range = "43" }