From 032c65d9315f8d49b32b9016d93bbf284c882f9e Mon Sep 17 00:00:00 2001 From: UMM KULSUM Date: Fri, 21 Nov 2025 12:27:13 +0000 Subject: [PATCH 1/9] feat(vm): Make compute_instance submodule ADC compliant --- .terraform.lock | 0 Makefile | 31 +- .../compute_instance/metadata.display.yaml | 3 + modules/compute_instance/metadata.yaml | 272 ++++++++++++++++++ 4 files changed, 288 insertions(+), 18 deletions(-) create mode 100644 .terraform.lock diff --git a/.terraform.lock b/.terraform.lock new file mode 100644 index 00000000..e69de29b diff --git a/Makefile b/Makefile index a3e495f4..a08a7262 100644 --- a/Makefile +++ b/Makefile 
@@ -24,45 +24,40 @@ REGISTRY_URL := gcr.io/cloud-foundation-cicd ENABLE_BPMETADATA := 1 export ENABLE_BPMETADATA +# This is the fix: A common set of flags for docker commands that need GCP authentication. +# It removes the failing SERVICE_ACCOUNT_JSON and adds a volume mount for gcloud config. +AUTH_DOCKER_FLAGS = --rm -it \ + -e TF_VAR_org_id \ + -e TF_VAR_folder_id \ + -e TF_VAR_billing_account \ + -v "$(CURDIR)":/workspace \ + -v ~/.config/gcloud:/root/.config/gcloud + # Enter docker container for local development .PHONY: docker_run docker_run: - docker run --rm -it \ - -e SERVICE_ACCOUNT_JSON \ - -v "$(CURDIR)":/workspace \ + docker run $(AUTH_DOCKER_FLAGS) \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash # Execute prepare tests within the docker container .PHONY: docker_test_prepare docker_test_prepare: - docker run --rm -it \ - -e SERVICE_ACCOUNT_JSON \ - -e TF_VAR_org_id \ - -e TF_VAR_folder_id \ - -e TF_VAR_billing_account \ - -v "$(CURDIR)":/workspace \ + docker run $(AUTH_DOCKER_FLAGS) \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/execute_with_credentials.sh prepare_environment # Clean up test environment within the docker container .PHONY: docker_test_cleanup docker_test_cleanup: - docker run --rm -it \ - -e SERVICE_ACCOUNT_JSON \ - -e TF_VAR_org_id \ - -e TF_VAR_folder_id \ - -e TF_VAR_billing_account \ - -v "$(CURDIR)":/workspace \ + docker run $(AUTH_DOCKER_FLAGS) \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/execute_with_credentials.sh cleanup_environment # Execute integration tests within the docker container .PHONY: docker_test_integration docker_test_integration: - docker run --rm -it \ - -e SERVICE_ACCOUNT_JSON \ - -v "$(CURDIR)":/workspace \ + docker run $(AUTH_DOCKER_FLAGS) \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 
/usr/local/bin/test_integration.sh diff --git a/modules/compute_instance/metadata.display.yaml b/modules/compute_instance/metadata.display.yaml index d2655a94..50711388 100644 --- a/modules/compute_instance/metadata.display.yaml +++ b/modules/compute_instance/metadata.display.yaml @@ -43,6 +43,7 @@ spec: hostname: name: hostname title: Hostname + level: 1 hostname_suffix_separator: name: hostname_suffix_separator title: Hostname Suffix Separator @@ -61,6 +62,7 @@ spec: num_instances: name: num_instances title: Num Instances + level: 1 region: name: region title: Region @@ -82,3 +84,4 @@ spec: zone: name: zone title: Zone + level: 1 diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index 084f071e..2ae46d26 100644 --- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml @@ -90,6 +90,12 @@ spec: description: Subnet to deploy to. Only one of network or subnetwork should be specified. varType: string defaultValue: "" + connections: + - source: + source: github.com/terraform-google-modules/terraform-google-network//modules/subnets + version: ~> 6.0 + spec: + outputExpr: subnets[0].self_link - name: subnetwork_project description: The project that subnetwork belongs to varType: string @@ -106,6 +112,12 @@ spec: description: List of static IPs for VM instances varType: list(string) defaultValue: [] + connections: + - source: + source: github.com/terraform-google-modules/terraform-google-address + version: ~> 4.2 + spec: + outputExpr: addresses - name: access_config description: Access configurations, i.e. IPs via which the VM instance can be accessed via the Internet. varType: |- 
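Review bot: The `-v ~/.config/gcloud:/root/.config/gcloud` entry in the new `AUTH_DOCKER_FLAGS` bind-mounts the developer's entire gcloud directory, read-write, into all four targets, which gives the container every credential gcloud keeps there rather than only the application-default credentials the tests need. Mounting only the ADC file read-only would narrow that: `-v "$(HOME)/.config/gcloud/application_default_credentials.json":/root/.config/gcloud/application_default_credentials.json:ro`. `docker_test_prepare` and `docker_test_cleanup` still invoke `execute_with_credentials.sh`, which presumably relied on `SERVICE_ACCOUNT_JSON`, so confirm it behaves correctly without that variable. The comment's "This is the fix" wording belongs in the commit message; something like `# Shared docker flags for targets that authenticate with the caller's gcloud credentials.` describes the variable itself. Patch 5/9 later in this series restores the original flags, so this applies only if the change is reintroduced.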
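Review bot: The new `connections` entry under `subnetwork` writes its constraint as a plain scalar, `version: ~> 6.0`, while the same file quotes the actuation tool constraint as `version: ">=1.3.0"`; quoting these (`version: "~> 6.0"`) keeps the file consistent and stops a linter or reformatter from retyping them. The same applies to `version: ~> 4.2` in the `static_ips` hunk and `version: ~> 13.6` in the `instance_template` hunk. Separately, `outputExpr: subnets[0].self_link` assumes the upstream `subnets` output can be indexed numerically; if that output is a map keyed by region and name, which I believe it is but cannot see here, the expression will not resolve, so check it against that module's outputs.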
@@ -129,6 +141,12 @@ spec: description: Instance template self_link used to create compute instances varType: string required: true + connections: + - source: + source: github.com/terraform-google-modules/terraform-google-vm//modules/instance_template + version: ~> 13.6 + spec: + outputExpr: self_link - name: region description: Region where the instances should be created. varType: string 
@@ -164,10 +182,264 @@ spec: outputs: - name: available_zones description: List of available zones in region + type: + - list + - string - name: instances_details description: List of all details for compute instances + type: + - tuple + - - - object + - advanced_machine_features: + - list + - - object + - enable_nested_virtualization: bool + enable_uefi_networking: bool + performance_monitoring_unit: string + threads_per_core: number + turbo_mode: string + visible_core_count: number + allow_stopping_for_update: bool + attached_disk: + - list + - - object + - device_name: string + disk_encryption_key_raw: string + disk_encryption_key_rsa: string + disk_encryption_key_sha256: string + disk_encryption_service_account: string + force_attach: bool + kms_key_self_link: string + mode: string + source: string + boot_disk: + - list + - - object + - auto_delete: bool + device_name: string + disk_encryption_key_raw: string + disk_encryption_key_rsa: string + disk_encryption_key_sha256: string + disk_encryption_service_account: string + force_attach: bool + guest_os_features: + - list + - string + initialize_params: + - list + - - object + - architecture: string + enable_confidential_compute: bool + image: string + labels: + - map + - string + provisioned_iops: number + provisioned_throughput: number + resource_manager_tags: + - map + - string + resource_policies: + - list + - string + size: number + snapshot: string + source_image_encryption_key: + - list + - - object + - kms_key_self_link: string + kms_key_service_account: string + raw_key: string + rsa_encrypted_key: string + sha256: string + source_snapshot_encryption_key: + - list + - - object + - kms_key_self_link: string + kms_key_service_account: string + raw_key: string + rsa_encrypted_key: string + sha256: string + storage_pool: string + type: string + interface: string + kms_key_self_link: string + mode: string + source: string + can_ip_forward: bool + confidential_instance_config: + - list + - - object + - 
confidential_instance_type: string + enable_confidential_compute: bool + cpu_platform: string + creation_timestamp: string + current_status: string + deletion_protection: bool + description: string + desired_status: string + effective_labels: + - map + - string + enable_display: bool + guest_accelerator: + - list + - - object + - count: number + type: string + hostname: string + id: string + instance_encryption_key: + - list + - - object + - kms_key_self_link: string + kms_key_service_account: string + sha256: string + instance_id: string + key_revocation_action_type: string + label_fingerprint: string + labels: + - map + - string + machine_type: string + metadata: + - map + - string + metadata_fingerprint: string + metadata_startup_script: string + min_cpu_platform: string + name: string + network_interface: + - list + - - object + - access_config: + - list + - - object + - nat_ip: string + network_tier: string + public_ptr_domain_name: string + alias_ip_range: + - list + - - object + - ip_cidr_range: string + subnetwork_range_name: string + internal_ipv6_prefix_length: number + ipv6_access_config: + - list + - - object + - external_ipv6: string + external_ipv6_prefix_length: string + name: string + network_tier: string + public_ptr_domain_name: string + ipv6_access_type: string + ipv6_address: string + name: string + network: string + network_attachment: string + network_ip: string + nic_type: string + queue_count: number + stack_type: string + subnetwork: string + subnetwork_project: string + network_performance_config: + - list + - - object + - total_egress_bandwidth_tier: string + params: + - list + - - object + - resource_manager_tags: + - map + - string + project: string + reservation_affinity: + - list + - - object + - specific_reservation: + - list + - - object + - key: string + values: + - list + - string + type: string + resource_policies: + - list + - string + scheduling: + - list + - - object + - automatic_restart: bool + availability_domain: number + 
instance_termination_action: string + local_ssd_recovery_timeout: + - list + - - object + - nanos: number + seconds: number + max_run_duration: + - list + - - object + - nanos: number + seconds: number + min_node_cpus: number + node_affinities: + - set + - - object + - key: string + operator: string + values: + - set + - string + on_host_maintenance: string + on_instance_stop_action: + - list + - - object + - discard_local_ssd: bool + preemptible: bool + provisioning_model: string + termination_time: string + scratch_disk: + - list + - - object + - device_name: string + interface: string + size: number + self_link: string + service_account: + - list + - - object + - email: string + scopes: + - set + - string + shielded_instance_config: + - list + - - object + - enable_integrity_monitoring: bool + enable_secure_boot: bool + enable_vtpm: bool + source_instance_template: string + tags: + - set + - string + tags_fingerprint: string + terraform_labels: + - map + - string + timeouts: + - object + - create: string + delete: string + update: string + zone: string - name: instances_self_links description: List of self-links for compute instances + type: + - tuple + - - string requirements: roles: - level: Project From eb922a7a810c035145eb8809808c3d4539c54d5a Mon Sep 17 00:00:00 2001 From: Umm-E-Kulsum <96620617+Umm-E-Kulsum@users.noreply.github.com> Date: Fri, 21 Nov 2025 18:28:25 +0530 Subject: [PATCH 2/9] Update version to 13.6.2 in metadata.yaml --- modules/compute_instance/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index 2ae46d26..999bf952 100644 --- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml 
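Review bot: The `instances_details` description still reads "List of all details for compute instances", but the type added here shows it carries `disk_encryption_key_raw`, `disk_encryption_key_rsa`, `raw_key`, `rsa_encrypted_key` and `metadata_startup_script`. Anything connected to this output receives those values, so the description should say so, for example `description: List of all details for compute instances. Includes disk encryption key fields and startup script content; treat as sensitive.` It is also worth confirming that the corresponding Terraform output is marked sensitive, which is not visible in this patch. Consumers that only need references can use `instances_self_links`, which this hunk types as a tuple of strings.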
@@ -25,7 +25,7 @@ spec: repo: https://github.com/terraform-google-modules/terraform-google-vm sourceType: git dir: /modules/compute_instance - version: 13.6.1 + version: 13.6.2 actuationTool: flavor: Terraform version: ">=1.3.0" From 434fc51036d10f43c3ada68111c7cbc35ecca5b9 Mon Sep 17 00:00:00 2001 From: Umm-E-Kulsum <96620617+Umm-E-Kulsum@users.noreply.github.com> Date: Fri, 21 Nov 2025 18:29:40 +0530 Subject: [PATCH 3/9] Update version to 13.6.3 in metadata.yaml --- modules/compute_instance/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index 999bf952..62448627 100644 --- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml @@ -25,7 +25,7 @@ spec: repo: https://github.com/terraform-google-modules/terraform-google-vm sourceType: git dir: /modules/compute_instance - version: 13.6.2 + version: 13.6.3 actuationTool: flavor: Terraform version: ">=1.3.0" From 49095c24f79b0372348c2590fce3186fee2f4de3 Mon Sep 17 00:00:00 2001 From: Umm-E-Kulsum <96620617+Umm-E-Kulsum@users.noreply.github.com> Date: Fri, 21 Nov 2025 19:43:51 +0530 Subject: [PATCH 4/9] Downgrade version from 13.6 to 13.5 --- modules/compute_instance/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index 62448627..f4364ef8 100644 --- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml @@ -144,7 +144,7 @@ spec: connections: - source: source: github.com/terraform-google-modules/terraform-google-vm//modules/instance_template - version: ~> 13.6 + version: ~> 13.5 spec: outputExpr: self_link - name: region From b7b6cf7b92257bf542b67e9fc081feb2ea5af9d2 Mon Sep 17 00:00:00 2001 
From: UMM KULSUM Date: Mon, 24 Nov 2025 16:39:16 +0000 Subject: [PATCH 5/9] chore: Remove terraform.lock.hcl from version control --- .terraform.lock | 0 Makefile | 31 ++++++++++++++++++------------- 2 files changed, 18 insertions(+), 13 deletions(-) delete mode 100644 .terraform.lock diff --git a/.terraform.lock b/.terraform.lock deleted file mode 100644 index e69de29b..00000000 diff --git a/Makefile b/Makefile index a08a7262..a3e495f4 100644 --- a/Makefile +++ b/Makefile 
@@ -24,40 +24,45 @@ REGISTRY_URL := gcr.io/cloud-foundation-cicd ENABLE_BPMETADATA := 1 export ENABLE_BPMETADATA -# This is the fix: A common set of flags for docker commands that need GCP authentication. -# It removes the failing SERVICE_ACCOUNT_JSON and adds a volume mount for gcloud config. -AUTH_DOCKER_FLAGS = --rm -it \ - -e TF_VAR_org_id \ - -e TF_VAR_folder_id \ - -e TF_VAR_billing_account \ - -v "$(CURDIR)":/workspace \ - -v ~/.config/gcloud:/root/.config/gcloud - # Enter docker container for local development .PHONY: docker_run docker_run: - docker run $(AUTH_DOCKER_FLAGS) \ + docker run --rm -it \ + -e SERVICE_ACCOUNT_JSON \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash # Execute prepare tests within the docker container .PHONY: docker_test_prepare docker_test_prepare: - docker run $(AUTH_DOCKER_FLAGS) \ + docker run --rm -it \ + -e SERVICE_ACCOUNT_JSON \ + -e TF_VAR_org_id \ + -e TF_VAR_folder_id \ + -e TF_VAR_billing_account \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/execute_with_credentials.sh prepare_environment # Clean up test environment within the docker container .PHONY: docker_test_cleanup docker_test_cleanup: - docker run $(AUTH_DOCKER_FLAGS) \ + docker run --rm -it \ + -e SERVICE_ACCOUNT_JSON \ + -e TF_VAR_org_id \ + -e TF_VAR_folder_id \ + -e TF_VAR_billing_account \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/execute_with_credentials.sh cleanup_environment # Execute integration tests within the docker container .PHONY: docker_test_integration docker_test_integration: - docker run $(AUTH_DOCKER_FLAGS) \ + docker run --rm -it \ + -e SERVICE_ACCOUNT_JSON \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 
/usr/local/bin/test_integration.sh From 767212683a14d83584671aeb149df98c6ab5ba8b Mon Sep 17 00:00:00 2001 From: UMM KULSUM Date: Tue, 25 Nov 2025 05:36:04 +0000 Subject: [PATCH 6/9] make generate_docs --- modules/compute_instance/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index f4364ef8..f4635cc2 100644 --- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml @@ -25,7 +25,7 @@ spec: repo: https://github.com/terraform-google-modules/terraform-google-vm sourceType: git dir: /modules/compute_instance - version: 13.6.3 + version: 13.6.1 actuationTool: flavor: Terraform version: ">=1.3.0" From 9e62f311a6afede74443e0191604020b089d6eb8 Mon Sep 17 00:00:00 2001 From: Umm-E-Kulsum <96620617+Umm-E-Kulsum@users.noreply.github.com> Date: Tue, 25 Nov 2025 11:28:35 +0530 Subject: [PATCH 7/9] Update version of compute instance module --- modules/compute_instance/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index f4635cc2..f4364ef8 100644 --- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml @@ -25,7 +25,7 @@ spec: repo: https://github.com/terraform-google-modules/terraform-google-vm sourceType: git dir: /modules/compute_instance - version: 13.6.1 + version: 13.6.3 actuationTool: flavor: Terraform version: ">=1.3.0" From ebd21aaebab9c9f6c768ce955d41a49174f5ae2b Mon Sep 17 00:00:00 2001 From: Umm-E-Kulsum <96620617+Umm-E-Kulsum@users.noreply.github.com> Date: Tue, 25 Nov 2025 11:53:46 +0530 Subject: [PATCH 8/9] Downgrade version in metadata.yaml to 13.6.1 --- modules/compute_instance/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index f4364ef8..f4635cc2 100644 
--- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml @@ -25,7 +25,7 @@ spec: repo: https://github.com/terraform-google-modules/terraform-google-vm sourceType: git dir: /modules/compute_instance - version: 13.6.3 + version: 13.6.1 actuationTool: flavor: Terraform version: ">=1.3.0" From f9dd3638981af5c601dc9a5aa56407b09ec22a44 Mon Sep 17 00:00:00 2001 From: Umm-E-Kulsum <96620617+Umm-E-Kulsum@users.noreply.github.com> Date: Tue, 25 Nov 2025 12:07:20 +0530 Subject: [PATCH 9/9] Update VM module version to 13.6.3 --- modules/compute_instance/metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/compute_instance/metadata.yaml b/modules/compute_instance/metadata.yaml index f4635cc2..f4364ef8 100644 --- a/modules/compute_instance/metadata.yaml +++ b/modules/compute_instance/metadata.yaml @@ -25,7 +25,7 @@ spec: repo: https://github.com/terraform-google-modules/terraform-google-vm sourceType: git dir: /modules/compute_instance - version: 13.6.1 + version: 13.6.3 actuationTool: flavor: Terraform version: ">=1.3.0"