zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-29 19:47:51 +02:00
Code Issues Projects Releases Packages Wiki Activity
4379 commits 2 branches 2498 tags 141 MiB
Commit graph

7 commits

Author SHA1 Message Date
Michael Muller
1b4b217588 Update terraform files and instructions (#1402) 
* Update terraform files and instructions

Update proxy terraform files based on current best practices and allow
exclusion of forwarding rules for HTTP endpoints.  Specifically:
-   Add a "public_web_whois" input to allow disabling the public HTTP
    whois forwarding.
-   Add "description" fields to all variables.
-   Move outputs of the top-level module into "outputs.tf".
-   Auto-reformat using hclfmt.
 2021-10-29 09:10:23 -04:00
Lai Jiang
b4a4e23d5e Increase the maximum number of nodes in a nood pool to 15 (#672) 2020-07-10 21:54:18 -04:00
Lai Jiang
b7b4658d0c Patch terraform changes made internally (#651) 
There were several LSC that made some formatting changes to our .tf
files. Export these changes externally for consistency.
 2020-06-25 13:59:37 -04:00
Lai Jiang
de02996f00 No-op: Use nicer HCL2 syntax. (#384) 
Generated with perl -pi -e 's/\"\$\{([a-zA-Z0-9._-]*)\}\"/$1/g' $(find ./ -name '*.tf')

Copied from cl/282012376.
 2019-11-22 16:08:56 -05:00
Lai Jiang
a6aa1ca9fe Protect KMS-secured data against destruction in upcoming google provider update. (#284) 
Export of cl/270900150.

To refer to a KMS key or key ring, we should use the stable `.self_link`. Using `.id` instead provides an unstable identifier which may change (and it will change in the upcoming update of the google provider to 2.9.1). A change in the identifier will cause Terraform to destroy and recreate the key. Destroying the key means all data associated with it is lost; the key cannot be recreated.

This CL replaces `.id` with `.self_link`, so all of those problems will not happen. In addition, `prevent_destroy` protects the key against delete-and-recreate in general.
 2019-09-27 12:12:58 -04:00
Lai Jiang
3202665660 Update IAM binding to restrict proxy service account's access to GCS (#125) 
Per
https://cloud.google.com/container-registry/docs/access-control#granting_users_and_other_projects_access_to_a_registry,
for a service account to access GCR, it does not need reader access to *all*
buckets in a project, but just the specific one.

This is duped from cl/254092941.
 2019-06-21 15:59:01 -04:00
Lai Jiang
684bb119db Move terraform and kubernetes folder to be under proxy (#127) 
* Move terraform and kubernetes folder to be under proxy

There is no reason for them to be under proxy/src/... any more now that
we have a Gradle-idiomatic folder structure.
 2019-06-20 14:28:32 -04:00