Support for helpers

.github/workflows/test.yml

@@ -18,6 +18,6 @@ jobs:
     uses: osinfra-io/github-terraform-gcp-called-workflows/.github/workflows/[email protected]
     if: github.actor != 'dependabot[bot]'
     with:
-      service_account: plt-lz-testing-github@ptl-lz-terraform-tf91-sb.iam.gserviceaccount.com
+      service_account: plt-lz-testing-github@plt-lz-terraform-tf00-sb.iam.gserviceaccount.com
       terraform_version: ${{ vars.TERRAFORM_VERSION }}
       workload_identity_provider: projects/746490462722/locations/global/workloadIdentityPools/github-actions/providers/github-actions-oidc

.pre-commit-config.yaml

@@ -3,15 +3,15 @@
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
       - id: trailing-whitespace
       - id: check-symlinks
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.95.0
+    rev: v1.96.2
     hooks:
       - id: terraform_fmt
 
@@ -29,9 +29,12 @@ repos:
       - id: terraform_docs
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.2.254
+    rev: 3.2.344
     hooks:
       - id: checkov
         verbose: true
         args:
+          - --download-external-modules=true
+          - --skip-check
+          - "CKV_TF_1"
           - --quiet

README.md

@@ -72,7 +72,13 @@ terraform test
 
 | Name | Version |
 |------|---------|
-| google | 6.2.0 |
+| google | 6.14.1 |
+
+### Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| helpers | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
 
 ### Resources
 

helpers.tf

@@ -0,0 +1 @@
+shared/helpers.tf

regional/README.md

@@ -2,7 +2,7 @@
 
 A child module automatically inherits its parent's default (un-aliased) provider configurations. The provider versions below are informational only and do **not** need to align with the provider configurations from its parent.
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 No requirements.
@@ -11,11 +11,13 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 5.40.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.14.1 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helpers"></a> [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
 
 ## Resources
 
@@ -33,14 +35,13 @@ No modules.
 | <a name="input_private_ip_google_access"></a> [private\_ip\_google\_access](#input\_private\_ip\_google\_access) | When enabled, VMs in this subnetwork without external IP addresses can access Google APIs and services by using Private Google Access | `bool` | `null` | no |
 | <a name="input_project"></a> [project](#input\_project) | The ID of the project in which the resource belongs | `string` | n/a | yes |
 | <a name="input_purpose"></a> [purpose](#input\_purpose) | The purpose of the resource. This field can be either `PRIVATE_RFC_1918`, `INTERNAL_HTTPS_LOAD_BALANCER` or `REGIONAL_MANAGED_PROXY` | `string` | `null` | no |
-| <a name="input_region"></a> [region](#input\_region) | The region in which the resource belongs | `string` | n/a | yes |
 | <a name="input_role"></a> [role](#input\_role) | The role of subnetwork. The value can be set to `ACTIVE` or `BACKUP` | `string` | `null` | no |
-| <a name="input_secondary_ip_ranges"></a> [secondary\_ip\_ranges](#input\_secondary\_ip\_ranges) | An array of configurations for secondary IP ranges for VM instances contained in this subnetwork | <pre>list(object({<br>    ip_cidr_range = string<br>    range_name    = string<br>  }))</pre> | `[]` | no |
+| <a name="input_secondary_ip_ranges"></a> [secondary\_ip\_ranges](#input\_secondary\_ip\_ranges) | An array of configurations for secondary IP ranges for VM instances contained in this subnetwork | <pre>list(object({<br/>    ip_cidr_range = string<br/>    range_name    = string<br/>  }))</pre> | `[]` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_name"></a> [name](#output\_name) | The name of the subnetwork |
 | <a name="output_project"></a> [project](#output\_project) | The project ID |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->

regional/helpers.tf

@@ -0,0 +1 @@
+../shared/helpers.tf

regional/main.tf

@@ -12,7 +12,7 @@ resource "google_compute_subnetwork" "this" {
   private_ip_google_access = var.private_ip_google_access
   project                  = var.project
   purpose                  = var.purpose
-  region                   = var.region
+  region                   = module.helpers.region
   role                     = var.role
 
   dynamic "secondary_ip_range" {

regional/nat/README.md

@@ -2,7 +2,7 @@
 
 A child module automatically inherits its parent's default (un-aliased) provider configurations. The provider versions below are informational only and do **not** need to align with the provider configurations from its parent.
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 No requirements.
@@ -11,11 +11,13 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 5.40.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.14.1 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helpers"></a> [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
 
 ## Resources
 
@@ -31,7 +33,6 @@ No modules.
 | <a name="input_network"></a> [network](#input\_network) | The network to enable Cloud NAT on | `string` | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | The prefix for the resource name.  Defaults to var.network | `string` | `""` | no |
 | <a name="input_project"></a> [project](#input\_project) | The ID of the project in which the resource belongs | `string` | n/a | yes |
-| <a name="input_region"></a> [region](#input\_region) | The region in which the resource belongs | `string` | n/a | yes |
 | <a name="input_source_subnetwork_ip_ranges_to_nat"></a> [source\_subnetwork\_ip\_ranges\_to\_nat](#input\_source\_subnetwork\_ip\_ranges\_to\_nat) | How NAT should be configured per Subnetwork.  Possible values are ALL\_SUBNETWORKS\_ALL\_IP\_RANGES, ALL\_SUBNETWORKS\_ALL\_PRIMARY\_IP\_RANGES, and LIST\_OF\_SUBNETWORKS | `string` | `"ALL_SUBNETWORKS_ALL_IP_RANGES"` | no |
 | <a name="input_subnetwork_names"></a> [subnetwork\_names](#input\_subnetwork\_names) | Subnet names for NAT configuration.  Only used if source\_subnetwork\_ip\_ranges\_to\_nat is set to LIST\_OF\_SUBNETWORKS | `list(string)` | `[]` | no |
 
@@ -41,4 +42,4 @@ No modules.
 |------|-------------|
 | <a name="output_name"></a> [name](#output\_name) | The name of the cloud nat resources |
 | <a name="output_project"></a> [project](#output\_project) | The project ID |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->

regional/nat/helpers.tf

@@ -0,0 +1 @@
+../../shared/helpers.tf

regional/nat/locals.tf

@@ -2,6 +2,6 @@
 # https://www.terraform.io/docs/language/values/locals.html
 
 locals {
-  name   = "${local.prefix}-${var.region}"
+  name   = "${local.prefix}-${module.helpers.region}"
   prefix = var.prefix == "" ? var.network : var.prefix
 }

regional/nat/main.tf

@@ -5,7 +5,7 @@ resource "google_compute_router" "cloud_nat" {
   name    = local.name
   network = var.network
   project = var.project
-  region  = var.region
+  region  = module.helpers.region
 }
 
 # Compute Router NAT Resource
@@ -21,7 +21,7 @@ resource "google_compute_router_nat" "this" {
   name                               = local.name
   nat_ip_allocate_option             = "AUTO_ONLY"
   project                            = var.project
-  region                             = var.region
+  region                             = module.helpers.region
   router                             = google_compute_router.cloud_nat.name
   source_subnetwork_ip_ranges_to_nat = var.source_subnetwork_ip_ranges_to_nat
 

regional/nat/variables.tf

@@ -17,11 +17,6 @@ variable "project" {
   type        = string
 }
 
-variable "region" {
-  description = "The region in which the resource belongs"
-  type        = string
-}
-
 variable "source_subnetwork_ip_ranges_to_nat" {
   description = "How NAT should be configured per Subnetwork.  Possible values are ALL_SUBNETWORKS_ALL_IP_RANGES, ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, and LIST_OF_SUBNETWORKS"
   type        = string

regional/variables.tf

@@ -33,11 +33,6 @@ variable "purpose" {
   default     = null
 }
 
-variable "region" {
-  description = "The region in which the resource belongs"
-  type        = string
-}
-
 variable "role" {
   description = "The role of subnetwork. The value can be set to `ACTIVE` or `BACKUP`"
   type        = string

shared/helpers.tf

@@ -0,0 +1,6 @@
+# Terraform Core Child Module Helpers (osinfra.io)
+# https://github.com/osinfra-io/terraform-core-helpers
+
+module "helpers" {
+  source = "github.com/osinfra-io/terraform-core-helpers//child?ref=v0.1.2"
+}

tests/fixtures/default/regional/main.tf

@@ -18,7 +18,6 @@ module "test" {
 
   private_ip_google_access = true
   project                  = var.project
-  region                   = "mock-region"
 
   # Secondary ranges are used to allocate IP addresses to resources in a subnetwork. In this example we create Pod IP address ranges
   # and Service (ClusterIP) address ranges for a VPC-native cluster.

tests/fixtures/default/regional_nat/main.tf

@@ -11,7 +11,6 @@ module "all_subnets_test" {
 
   network = "mock-vpc"
   project = var.project
-  region  = "mock-region"
 }
 
 module "list_of_subnets_test" {
@@ -20,7 +19,6 @@ module "list_of_subnets_test" {
   network                            = "mock-vpc"
   prefix                             = "mock-vpc-subnetworks"
   project                            = var.project
-  region                             = "mock-region"
   source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
   subnetwork_names                   = ["mock-subnetwork"]
 }

tests/fixtures/default/regional_nat/variables.tf

@@ -1,7 +1,3 @@
-variable "environment" {
-  type = string
-}
-
 variable "project" {
   type = string
 }

tests/fixtures/default/variables.tf

@@ -1,7 +1,3 @@
-variable "environment" {
-  type = string
-}
-
 variable "project" {
   type = string
 }