├── examples ├── .gitkeep ├── machine-learning-pipeline │ ├── assets │ │ ├── Composer │ │ │ ├── .gitignore │ │ │ └── requirements.txt │ │ └── Vertexpipeline │ │ │ ├── src │ │ │ └── __init__.py │ │ │ ├── body.json │ │ │ ├── Dockerfile │ │ │ └── components │ │ │ └── bq_dataset_component │ │ │ └── create_bq_dataset.sql │ ├── ml_business_unit │ │ ├── development │ │ │ ├── common.auto.tfvars │ │ │ ├── outputs.tf │ │ │ ├── backend.tf │ │ │ ├── README.md │ │ │ ├── locals.tf │ │ │ └── versions.tf │ │ ├── nonproduction │ │ │ ├── common.auto.tfvars │ │ │ ├── backend.tf │ │ │ └── locals.tf │ │ └── production │ │ │ ├── common.auto.tfvars │ │ │ ├── backend.tf │ │ │ ├── locals.tf │ │ │ └── versions.tf │ ├── .gitignore │ ├── common.auto.example.tfvars │ └── modules │ │ └── base_env │ │ └── data.tf └── genai-rag-multimodal │ ├── terraform.tfvars │ └── versions.tf ├── CHANGELOG.md ├── 5-app-infra ├── projects │ ├── service-catalog │ │ ├── README.md │ │ ├── ml_business_unit │ │ │ └── shared │ │ │ │ ├── terraform.tfvars │ │ │ │ ├── locals.tf │ │ │ │ ├── backend.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── README.md │ │ │ │ └── versions.tf │ │ ├── modules │ │ │ └── service_catalog │ │ │ │ ├── data.tf │ │ │ │ ├── outputs.tf │ │ │ │ └── locals.tf │ │ └── terraform.example.tfvars │ └── artifact-publish │ │ ├── ml_business_unit │ │ └── shared │ │ │ ├── terraform.tfvars │ │ │ ├── locals.tf │ │ │ ├── backend.tf │ │ │ ├── README.md │ │ │ └── versions.tf │ │ ├── modules │ │ └── publish_artifacts │ │ │ ├── outputs.tf │ │ │ └── data.tf │ │ └── terraform.example.tfvars └── source_repos │ ├── artifact-publish │ ├── README.md │ └── images │ │ ├── tf2-cpu.2-8:01 │ │ └── Dockerfile │ │ ├── tf2-gpu.2-13:0.1 │ │ └── Dockerfile │ │ ├── tf2-cpu.2-13:0.1 │ │ └── Dockerfile │ │ └── vertexpipeline:v2 │ │ └── Dockerfile │ └── service-catalog │ ├── img │ └── workflow.png │ └── modules │ ├── bucket │ ├── outputs.tf │ └── data.tf │ ├── pubsub │ ├── outputs.tf │ └── data.tf │ ├── secrets │ ├── outputs.tf │ ├── 
locals.tf │ └── data.tf │ ├── metadata │ ├── outputs.tf │ ├── data.tf │ ├── main.tf │ └── README.md │ ├── tensorboard │ ├── outputs.tf │ ├── data.tf │ ├── main.tf │ └── README.md │ ├── bigquery │ ├── data.tf │ ├── locals.tf │ └── main.tf │ ├── artifact_registry │ ├── data.tf │ └── locals.tf │ ├── notebook │ └── locals.tf │ └── composer │ └── terraform.tfvars.example ├── 2-environments ├── envs │ ├── development │ │ ├── terraform.tfvars │ │ ├── backend.tf.cloud.example │ │ ├── backend.tf │ │ └── main.tf │ ├── nonproduction │ │ ├── terraform.tfvars │ │ ├── backend.tf.cloud.example │ │ ├── backend.tf │ │ └── main.tf │ └── production │ │ ├── terraform.tfvars │ │ ├── backend.tf.cloud.example │ │ └── backend.tf ├── imgs │ ├── edit-policy.png │ └── list-policy.png ├── terraform.example.tfvars ├── modules │ ├── ml_kms_keyring │ │ └── outputs.tf │ └── env_baseline │ │ └── iam.tf └── .gitignore ├── 3-networks-svpc ├── envs │ ├── shared │ │ ├── common.auto.tfvars │ │ ├── shared.auto.tfvars │ │ ├── access_context.auto.tfvars │ │ ├── partner_interconnect.auto.tfvars.example │ │ ├── backend.tf.cloud.example │ │ ├── outputs.tf │ │ ├── backend.tf │ │ ├── providers.tf │ │ └── versions.tf │ ├── development │ │ ├── common.auto.tfvars │ │ ├── access_context.auto.tfvars │ │ ├── development.auto.tfvars │ │ ├── backend.tf.cloud.example │ │ ├── backend.tf │ │ ├── providers.tf │ │ └── versions.tf │ ├── nonproduction │ │ ├── common.auto.tfvars │ │ ├── access_context.auto.tfvars │ │ ├── nonproduction.auto.tfvars │ │ ├── backend.tf.cloud.example │ │ ├── backend.tf │ │ ├── providers.tf │ │ └── versions.tf │ └── production │ │ ├── common.auto.tfvars │ │ ├── access_context.auto.tfvars │ │ ├── production.auto.tfvars │ │ ├── backend.tf.cloud.example │ │ ├── backend.tf │ │ ├── providers.tf │ │ └── versions.tf ├── access_context.auto.example.tfvars ├── modules │ ├── hierarchical_firewall_policy │ │ ├── outputs.tf │ │ └── README.md │ ├── ml_dns_notebooks │ │ └── versions.tf │ ├── base_env │ │ └── 
data.tf │ ├── base_shared_vpc │ │ └── private_service_connect.tf │ └── restricted_shared_vpc │ │ └── private_service_connect.tf ├── shared.auto.example.tfvars ├── common.auto.example.tfvars └── .gitignore ├── 4-projects ├── ml_business_unit │ ├── shared │ │ ├── common.auto.tfvars │ │ ├── shared.auto.tfvars │ │ ├── backend.tf.cloud.example │ │ ├── backend.tf │ │ └── versions.tf │ ├── development │ │ ├── common.auto.tfvars │ │ ├── development.auto.tfvars │ │ ├── locals.tf │ │ ├── backend.tf.cloud.example │ │ ├── backend.tf │ │ └── versions.tf │ ├── production │ │ ├── common.auto.tfvars │ │ ├── production.auto.tfvars │ │ ├── locals.tf │ │ ├── backend.tf.cloud.example │ │ └── backend.tf │ └── nonproduction │ │ ├── common.auto.tfvars │ │ ├── nonproduction.auto.tfvars │ │ ├── locals.tf │ │ ├── backend.tf.cloud.example │ │ └── backend.tf ├── acert ├── common.auto.example.tfvars ├── modules │ ├── ml_kms_key │ │ ├── versions.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── ml_infra_projects │ │ ├── versions.tf │ │ └── locals.tf │ ├── env_folders │ │ ├── outputs.tf │ │ ├── business_unit_folder.tf │ │ ├── remote.tf │ │ └── versions.tf │ ├── composer_env │ │ └── versions.tf │ ├── ml_single_project │ │ └── versions.tf │ ├── single_project │ │ └── remote.tf │ └── ml_env │ │ ├── versions.tf │ │ └── outputs.tf ├── production.auto.example.tfvars ├── development.auto.example.tfvars ├── nonproduction.auto.example.tfvars └── shared.auto.example.tfvars ├── docs └── assets │ └── terraform │ ├── 4-projects │ ├── ml_business_unit │ │ ├── production │ │ │ ├── common.auto.tfvars │ │ │ ├── production.auto.tfvars │ │ │ ├── locals.tf │ │ │ ├── backend.tf.cloud.example │ │ │ └── backend.tf │ │ ├── shared │ │ │ ├── common.auto.tfvars │ │ │ ├── shared.auto.tfvars │ │ │ ├── backend.tf.cloud.example │ │ │ ├── backend.tf │ │ │ └── versions.tf │ │ ├── development │ │ │ ├── common.auto.tfvars │ │ │ ├── development.auto.tfvars │ │ │ ├── locals.tf │ │ │ ├── backend.tf.cloud.example │ │ │ ├── backend.tf 
│ │ │ └── versions.tf │ │ └── nonproduction │ │ │ ├── common.auto.tfvars │ │ │ ├── nonproduction.auto.tfvars │ │ │ ├── locals.tf │ │ │ ├── backend.tf.cloud.example │ │ │ └── backend.tf │ ├── common.auto.example.tfvars │ ├── modules │ │ ├── ml_kms_key │ │ │ ├── versions.tf │ │ │ ├── outputs.tf │ │ │ └── variables.tf │ │ ├── ml_infra_projects │ │ │ ├── versions.tf │ │ │ └── locals.tf │ │ ├── env_folders │ │ │ ├── outputs.tf │ │ │ ├── business_unit_folder.tf │ │ │ ├── remote.tf │ │ │ └── versions.tf │ │ ├── ml_single_project │ │ │ └── versions.tf │ │ └── ml_env │ │ │ ├── versions.tf │ │ │ └── outputs.tf │ ├── development.auto.example.tfvars │ ├── production.auto.example.tfvars │ ├── nonproduction.auto.example.tfvars │ └── shared.auto.example.tfvars │ ├── 1-org │ ├── README.md │ └── ml_key_rings.tf │ └── 2-environments │ └── README.md ├── .gitmodules ├── renovate.json ├── 0-bootstrap ├── files │ └── private_key_example.png ├── backend.tf.cloud.example ├── backend.tf.example ├── modules │ ├── parent-iam-remove-role │ │ └── versions.tf │ ├── gitlab-oidc │ │ ├── versions.tf │ │ └── outputs.tf │ ├── cb-private-pool │ │ └── versions.tf │ ├── parent-iam-member │ │ └── versions.tf │ └── jenkins-agent │ │ └── versions.tf └── .gitignore ├── 1-org ├── modules │ ├── cai-monitoring │ │ ├── cai_monitoring.zip │ │ ├── function-source │ │ │ └── package.json │ │ └── versions.tf │ ├── network │ │ └── versions.tf │ ├── ml-org-policies │ │ └── versions.tf │ ├── centralized-logging │ │ └── versions.tf │ └── ml_kms_keyring │ │ └── outputs.tf ├── envs │ └── shared │ │ ├── backend.tf │ │ ├── backend.tf.cloud.example │ │ ├── providers.tf │ │ └── ml_key_rings.tf └── .gitignore ├── .github ├── renovate.json ├── release-please.yml ├── conventional-commit-lint.yaml └── trusted-contribution.yml ├── helpers └── genai-deployer │ ├── steps │ └── testdata │ │ └── existing.json │ └── gcp │ └── testdata │ ├── beta_components_installed.json │ └── beta_components_not_installed.json ├── CODEOWNERS ├── test 
└── integration │ └── testutils │ ├── strings.go │ └── transforms.go ├── policy-library ├── policies │ └── constraints │ │ ├── gke_allow_only_private_cluster.yaml │ │ ├── require_dnssec.yaml │ │ ├── sql_ssl.yaml │ │ ├── appengine_versions.yaml │ │ ├── gke_node_pool_auto_repair.yaml │ │ ├── dnssec_prevent_rsasha1_ksk.yaml │ │ ├── dnssec_prevent_rsasha1_zsk.yaml │ │ └── gke_restrict_pod_traffic.yaml └── lib │ └── constraints.rego └── .devcontainer └── devcontainer.json /examples/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /2-environments/envs/development/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /2-environments/envs/production/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars 
-------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /3-networks-svpc/envs/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-svpc/envs/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-svpc/envs/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars 
-------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /3-networks-svpc/envs/development/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-svpc/envs/nonproduction/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /3-networks-svpc/envs/production/access_context.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../access_context.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/development/development.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../development.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/production/production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../production.auto.tfvars -------------------------------------------------------------------------------- /4-projects/ml_business_unit/nonproduction/nonproduction.auto.tfvars: 
-------------------------------------------------------------------------------- 1 | ../../nonproduction.auto.tfvars -------------------------------------------------------------------------------- /5-app-infra/projects/artifact-publish/ml_business_unit/shared/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/ml_business_unit/shared/terraform.tfvars: -------------------------------------------------------------------------------- 1 | ../../terraform.tfvars -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/shared/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/shared/shared.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../shared.auto.tfvars -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/assets/Composer/.gitignore: -------------------------------------------------------------------------------- 1 | *.ipynb 2 | censuscomposerenv 3 | 4 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | 
../../common.auto.tfvars -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/development/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/nonproduction/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/production/common.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../common.auto.tfvars -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/production/production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../production.auto.tfvars -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/development/development.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../development.auto.tfvars -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/nonproduction/nonproduction.auto.tfvars: -------------------------------------------------------------------------------- 1 | ../../nonproduction.auto.tfvars 
-------------------------------------------------------------------------------- /3-networks-svpc/envs/production/production.auto.tfvars: -------------------------------------------------------------------------------- 1 | ingress_policies = [ 2 | 3 | ] 4 | 5 | egress_policies = [ 6 | ] 7 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/development/development.auto.tfvars: -------------------------------------------------------------------------------- 1 | ingress_policies = [ 2 | 3 | ] 4 | 5 | egress_policies = [ 6 | 7 | ] 8 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/nonproduction/nonproduction.auto.tfvars: -------------------------------------------------------------------------------- 1 | ingress_policies = [ 2 | 3 | ] 4 | 5 | egress_policies = [ 6 | ] 7 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "7-vertexpipeline"] 2 | path = 7-vertexpipeline 3 | url = git@github.com:badal-io/vertexpipeline-promotion.git 4 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/artifact-publish/README.md: -------------------------------------------------------------------------------- 1 | # ml-foundations-docker 2 | Dockerfile repository for ml-foundations artifacts project 3 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": [ 4 | "config:recommended" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /2-environments/imgs/edit-policy.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/terraform-google-enterprise-genai/HEAD/2-environments/imgs/edit-policy.png -------------------------------------------------------------------------------- /2-environments/imgs/list-policy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/terraform-google-enterprise-genai/HEAD/2-environments/imgs/list-policy.png -------------------------------------------------------------------------------- /4-projects/acert: -------------------------------------------------------------------------------- 1 | # Netscape HTTP Cookie File 2 | # https://curl.se/docs/http-cookies.html 3 | # This file was generated by libcurl! Edit at your own risk. 4 | 5 | -------------------------------------------------------------------------------- /0-bootstrap/files/private_key_example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/terraform-google-enterprise-genai/HEAD/0-bootstrap/files/private_key_example.png -------------------------------------------------------------------------------- /1-org/modules/cai-monitoring/cai_monitoring.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/terraform-google-enterprise-genai/HEAD/1-org/modules/cai-monitoring/cai_monitoring.zip -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/img/workflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoogleCloudPlatform/terraform-google-enterprise-genai/HEAD/5-app-infra/source_repos/service-catalog/img/workflow.png 
-------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"] 4 | } 5 | -------------------------------------------------------------------------------- /helpers/genai-deployer/steps/testdata/existing.json: -------------------------------------------------------------------------------- 1 | { 2 | "file": "./testdata/existing.json", 3 | "steps": { 4 | "test": { 5 | "name": "test", 6 | "status": "COMPLETED", 7 | "error": "" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | .terraform.lock.hcl 4 | 5 | # .tfstate files 6 | *.tfstate 7 | *.tfstate.* 8 | 9 | # plan file 10 | *.tfplan 11 | **/*.tfplan 12 | 13 | # zip file 14 | *.zip 15 | *.tar 16 | *.tar.gz 17 | -------------------------------------------------------------------------------- /examples/genai-rag-multimodal/terraform.tfvars: -------------------------------------------------------------------------------- 1 | kms_key = 2 | network = 3 | subnet = 4 | machine_learning_project = 5 | vector_search_vpc_project = 6 | -------------------------------------------------------------------------------- /docs/assets/terraform/1-org/README.md: -------------------------------------------------------------------------------- 1 | # Terraform code in this directory is used on docs as reference/assets. 2 | 3 | 4 | ## Inputs 5 | 6 | No inputs. 7 | 8 | ## Outputs 9 | 10 | No outputs. 
11 | 12 | 13 | -------------------------------------------------------------------------------- /docs/assets/terraform/2-environments/README.md: -------------------------------------------------------------------------------- 1 | # Terraform code in this directory is used on docs as reference/assets. 2 | 3 | 4 | ## Inputs 5 | 6 | No inputs. 7 | 8 | ## Outputs 9 | 10 | No outputs. 11 | 12 | 13 | -------------------------------------------------------------------------------- /1-org/modules/cai-monitoring/function-source/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "caiMonitoring", 3 | "version": "1.0.0", 4 | "description": "A Cloud Function that receives events from a Pub/Sub Subscription fed by a Cloud Asset Inventory IAM event feed, and then notifies if the IAM Policy grants roles from a predefined set to a new member.", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "ISC", 11 | "dependencies": { 12 | "@google-cloud/security-center": "8.12.0", 13 | "uuid4": "2.0.3", 14 | "moment": "2.29.4" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # NOTE: This file is automatically generated from values at: 2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 3 | 4 | * @GoogleCloudPlatform/blueprint-solutions @sleighton2022 5 | 6 | # NOTE: GitHub CODEOWNERS locations: 7 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection 8 | 9 | CODEOWNERS @GoogleCloudPlatform/blueprint-solutions 10 | .github/CODEOWNERS @GoogleCloudPlatform/blueprint-solutions 11 | docs/CODEOWNERS 
@GoogleCloudPlatform/blueprint-solutions 12 | 13 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/assets/Vertexpipeline/src/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/assets/Vertexpipeline/body.json: -------------------------------------------------------------------------------- 1 | { 2 | "instances": [ 3 | { 4 | "features/gender": "Female", 5 | "features/workclass": "Private", 6 | "features/occupation": "Tech-support", 7 | "features/marital_status": "Married-civ-spouse", 8 | "features/race": "White", 9 | "features/capital_gain": 0, 10 | "features/education": "9th", 11 | "features/age": 33, 12 | "features/hours_per_week": 40, 13 | "features/relationship": "Wife", 14 | "features/native_country": "Canada", 15 | "features/capital_loss": 0 16 | } 17 | ] 18 | } 19 | -------------------------------------------------------------------------------- /.github/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in 
compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | releaseType: terraform-module 16 | handleGHRelease: true 17 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/development/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | -------------------------------------------------------------------------------- /4-projects/common.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /1-org/modules/network/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /1-org/modules/ml-org-policies/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /4-projects/modules/ml_kms_key/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /1-org/modules/centralized-logging/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022-2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /4-projects/modules/ml_infra_projects/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/common.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | remote_state_bucket = "REMOTE_STATE_BUCKET" 18 | -------------------------------------------------------------------------------- /3-networks-svpc/access_context.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | # NOTE(review): ACCESS_CONTEXT_MANAGER_ID below is an unquoted placeholder, not a value. Replace it with the numeric ID of the organization's Access Context Manager policy; a bare identifier is not a valid value in a .tfvars file, so this example fails to load until it is substituted. 17 | access_context_manager_policy_id = ACCESS_CONTEXT_MANAGER_ID 18 | -------------------------------------------------------------------------------- /4-projects/modules/ml_infra_projects/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | env_code = element(split("", var.environment), 0) 19 | } 20 | -------------------------------------------------------------------------------- /4-projects/production.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | env = "production" 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/ml_kms_key/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | -------------------------------------------------------------------------------- /4-projects/development.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | env = "development" 20 | -------------------------------------------------------------------------------- /4-projects/nonproduction.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | env = "nonproduction" 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/ml_infra_projects/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | } 20 | 21 | -------------------------------------------------------------------------------- /0-bootstrap/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "0-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/development/locals.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | locals { 16 | repo_name = "ml-composer" 17 | business_code = "ml" 18 | business_unit = "ml_business_unit" 19 | } 20 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/nonproduction/locals.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | locals { 16 | repo_name = "ml-composer" 17 | business_code = "ml" 18 | business_unit = "ml_business_unit" 19 | } 20 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/production/locals.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | locals { 16 | repo_name = "ml-composer" 17 | business_code = "ml" 18 | business_unit = "ml_business_unit" 19 | } 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/development.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | env = "development" 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/ml_infra_projects/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | env_code = element(split("", var.environment), 0) 19 | } 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/production.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | env = "production" 20 | -------------------------------------------------------------------------------- /1-org/envs/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | # Stores this stage's Terraform state in a GCS bucket under the prefix "terraform/org/state"; "UPDATE_ME" is a placeholder for the bucket name. NOTE(review): Terraform state can contain sensitive values, so confirm where the bucket is created that access to it is restricted to the identities that run this stage. 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/org/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /1-org/envs/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "1-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/artifact-publish/images/tf2-cpu.2-8:01/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | FROM us-docker.pkg.dev/cloud-aiplatform/prediction/tf2-cpu.2-8:cmle_op_images_20240312_0210_RC00 16 | 17 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/nonproduction.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | location_kms = "us" 18 | location_gcs = "US" 19 | env = "nonproduction" 20 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/partner_interconnect.auto.tfvars.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | enable_partner_interconnect = true 18 | preactivate_partner_interconnect = true 19 | -------------------------------------------------------------------------------- /3-networks-svpc/modules/hierarchical_firewall_policy/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | # Exposes the id attribute of google_compute_organization_security_policy.policy as the module output "id". 17 | output "id" { 18 | value = google_compute_organization_security_policy.policy.id 19 | } 20 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/artifact-publish/images/tf2-gpu.2-13:0.1/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # NOTE(review): the base image below uses the mutable ":latest" tag, so two builds of this Dockerfile can produce different images. Pin it to a fixed tag or to an @sha256:<DIGEST_PLACEHOLDER> digest so the published artifact is reproducible and can be traced back to a reviewed base image. The RUN step only writes "Hello World" to helloworld.txt. 15 | FROM us-docker.pkg.dev/vertex-ai/prediction/tf2-gpu.2-13:latest 16 | RUN echo "Hello World" > helloworld.txt 17 | -------------------------------------------------------------------------------- /0-bootstrap/backend.tf.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/bootstrap/state" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/modules/ml_kms_key/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kms_keys" { 18 | description = "Keys created for the project." 19 | value = local.output_keys 20 | } 21 | -------------------------------------------------------------------------------- /2-environments/envs/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /5-app-infra/projects/artifact-publish/ml_business_unit/shared/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | business_unit = "ml_business_unit" 19 | environment = "common" 20 | } 21 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/artifact-publish/images/tf2-cpu.2-13:0.1/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # NOTE(review): the base image below uses the mutable ":latest" tag, so two builds of this Dockerfile can produce different images. Pin it to a fixed tag or to an @sha256:<DIGEST_PLACEHOLDER> digest so the published artifact is reproducible and can be traced back to a reviewed base image. The RUN step only writes "Hello World" to helloworld.txt. 15 | FROM us-docker.pkg.dev/vertex-ai/prediction/tf2-cpu.2-13:latest 16 | RUN echo "Hello World" > helloworld.txt 17 | 18 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/development/locals.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | locals { 16 | repo_name = "ml-composer" 17 | business_code = "ml" 18 | business_unit = "ml_business_unit" 19 | } 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/production/locals.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | locals { 16 | repo_name = "ml-composer" 17 | business_code = "ml" 18 | business_unit = "ml_business_unit" 19 | } 20 | -------------------------------------------------------------------------------- /examples/genai-rag-multimodal/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_providers { 19 | google = { 20 | version = "~> 5.34.0" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "2-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "dns_hub_project_id" { 18 | value = local.dns_hub_project_id 19 | description = "The DNS hub project ID" 20 | } 21 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/ml_business_unit/shared/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | business_unit = "ml_business_unit" 19 | environment = "common" 20 | } 21 | 22 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/nonproduction/locals.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | locals { 16 | repo_name = "ml-composer" 17 | business_code = "ml" 18 | business_unit = "ml_business_unit" 19 | } 20 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | # NOTE(review): "UPDATE_ME" is a placeholder for the GCS state bucket. Terraform state can hold sensitive resource attributes in plain text, so confirm that the bucket substituted here has tightly scoped IAM and object versioning enabled; its configuration is not shown in this file. 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "3-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /2-environments/envs/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /2-environments/envs/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /5-app-infra/projects/artifact-publish/modules/publish_artifacts/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "cloudbuild_trigger_id" { 18 | value = google_cloudbuild_trigger.docker_build.id 19 | } 20 | 21 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/environments/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/ml_kms_key/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "kms_keys" { 18 | description = "Keys created for the project." 19 | value = local.output_keys 20 | } 21 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/bucket/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "storage_bucket" { 18 | description = "Storage Bucket." 19 | value = google_storage_bucket.bucket 20 | } 21 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/pubsub/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "pubsub_topic" { 18 | description = "Pub/Sub Topic." 19 | value = google_pubsub_topic.pubsub_topic 20 | } 21 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/shared/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-shared" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_ME" 20 | prefix = "terraform/networks/envs/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/development/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-development" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/production/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-production" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /4-projects/modules/env_folders/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "business_unit_folder" { 18 | description = "The name of the Business Folder created." 19 | value = google_folder.env_business_unit.name 20 | } 21 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/secrets/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "secret_manager" { 18 | description = "Secret Manager resource." 19 | value = google_secret_manager_secret.secret 20 | } 21 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/nonproduction/backend.tf.cloud.example: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | cloud { 19 | workspaces { 20 | name = "4-ml-nonproduction" 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /helpers/genai-deployer/gcp/testdata/beta_components_installed.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "current_version_string": "2025.05.30", 4 | "gdu_only": false, 5 | "id": "beta", 6 | "is_configuration": false, 7 | "is_hidden": false, 8 | "latest_version_string": "2025.08.29", 9 | "name": "gcloud Beta Commands", 10 | "platform": { 11 | "architecture": { 12 | "file_name": "x86_64", 13 | "id": "x86_64", 14 | "name": "x86_64" 15 | }, 16 | "operating_system": { 17 | "clean_version": "6.6.87", 18 | "file_name": "linux", 19 | "id": "LINUX", 20 | "name": "Linux", 21 | "version": "6.6.87.2-microsoft-standard-WSL2" 22 | } 23 | }, 24 | "platform_required": false, 25 | "size": 797, 26 | "state": { 27 | "name": "Update Available" 28 | } 29 | } 30 | ] 31 | -------------------------------------------------------------------------------- /helpers/genai-deployer/gcp/testdata/beta_components_not_installed.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "current_version_string": "2025.05.30", 4 | "gdu_only": false, 5 | "id": "beta", 6 | "is_configuration": false, 7 | "is_hidden": false, 8 | "latest_version_string": "2025.08.29", 9 | "name": "gcloud Beta Commands", 10 | "platform": { 11 | "architecture": { 12 | "file_name": "x86_64", 13 | "id": "x86_64", 14 | "name": "x86_64" 15 | }, 16 | "operating_system": { 17 | "clean_version": "6.6.87", 18 | "file_name": "linux", 19 | "id": "LINUX", 20 | "name": "Linux", 21 | "version": "6.6.87.2-microsoft-standard-WSL2" 22 | } 23 | }, 24 | "platform_required": false, 25 | "size": 797, 26 | "state": { 27 | "name": 
"Not Installed" 28 | } 29 | } 30 | ] 31 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/metadata/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "vertex_ai_metadata_store" { 18 | description = "Vertex AI Metadata Store." 19 | value = google_vertex_ai_metadata_store.store 20 | } 21 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/tensorboard/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "vertex_ai_tensorboard" { 18 | description = "TensorBoard resource." 19 | value = google_vertex_ai_tensorboard.tensorboard 20 | } 21 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /5-app-infra/projects/artifact-publish/terraform.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | instance_region = "us-central1" // should be one of the regions used to create network on step 3-networks 18 | 19 | remote_state_bucket = "REMOTE_STATE_BUCKET" 20 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/env_folders/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "business_unit_folder" { 18 | description = "The name of the Business Folder created." 19 | value = google_folder.env_business_unit.name 20 | } 21 | -------------------------------------------------------------------------------- /.github/conventional-commit-lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/github 17 | 18 | enabled: true 19 | always_check_pr_title: true 20 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/ml_business_unit/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_APP_INFRA_BUCKET" 20 | prefix = "terraform/app-infra/ml_business_unit/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /5-app-infra/projects/artifact-publish/ml_business_unit/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_APP_INFRA_BUCKET" 20 | prefix = "terraform/app-infra/ml_business_unit/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/nonproduction" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/development/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_APP_INFRA_BUCKET" 20 | prefix = "terraform/app-infra/ml_business_unit/development" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/production/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_APP_INFRA_BUCKET" 20 | prefix = "terraform/app-infra/ml_business_unit/production" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/nonproduction/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
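15 | */
16 |
17 | terraform {
18 |   backend "gcs" {
19 |     bucket = "UPDATE_APP_INFRA_BUCKET"
20 |     prefix = "terraform/app-infra/ml_business_unit/nonproduction"
21 |   }
22 | }
23 |
--------------------------------------------------------------------------------
/test/integration/testutils/strings.go:
--------------------------------------------------------------------------------
1 | // Copyright 2022 Google LLC
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | package testutils
16 |
17 | import (
18 | 	"strings"
19 | )
20 |
21 | // GetLastSplitElement splits value on sep and returns the last element.
22 | //
23 | // When sep does not occur in value, value itself is returned. strings.Split
24 | // yields an empty slice only when both value and sep are empty; that case
25 | // returns "" here instead of panicking on an out-of-range index.
26 | func GetLastSplitElement(value string, sep string) string {
27 | 	parts := strings.Split(value, sep)
28 | 	if len(parts) == 0 {
29 | 		return ""
30 | 	}
31 | 	return parts[len(parts)-1]
32 | }
33 |
--------------------------------------------------------------------------------
/0-bootstrap/modules/parent-iam-remove-role/versions.tf:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright 2022 Google LLC
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.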
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /3-networks-svpc/modules/ml_dns_notebooks/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.61" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/shared/backend.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | backend "gcs" { 19 | bucket = "UPDATE_PROJECTS_BACKEND" 20 | prefix = "terraform/projects/ml_business_unit/shared" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /0-bootstrap/modules/gitlab-oidc/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 3.64, < 7" 24 | } 25 | } 26 | 27 | } 28 | -------------------------------------------------------------------------------- /5-app-infra/projects/artifact-publish/ml_business_unit/shared/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | bucket\_force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no | 7 | | instance\_region | The region where compute instance will be created. A subnetwork must exists in the instance region. | `string` | `"us-central1"` | no | 8 | | remote\_state\_bucket | Backend bucket to load remote state information from previous steps. | `string` | n/a | yes | 9 | 10 | ## Outputs 11 | 12 | | Name | Description | 13 | |------|-------------| 14 | | cloudbuild\_trigger\_id | n/a | 15 | 16 | 17 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/bigquery/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | data "google_project" "project" { 18 | project_id = var.project_id 19 | } 20 | 21 | data "google_kms_crypto_key" "key" { 22 | name = local.key_name 23 | key_ring = var.kms_keyring 24 | } 25 | -------------------------------------------------------------------------------- /2-environments/terraform.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | 18 | monitoring_workspace_users = "gcp-monitoring-admins@example.com" 19 | 20 | remote_state_bucket = "REMOTE_STATE_BUCKET" 21 | 22 | // Uncomment only if you want to allow KMS key destruction; data encrypted with a destroyed key cannot be decrypted. 23 | // kms_prevent_destroy = false 24 | 25 | -------------------------------------------------------------------------------- /4-projects/shared.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | # We suggest using the same region as in the 0-bootstrap step 18 | default_region = "us-central1" 19 | 20 | cloud_source_service_catalog_repo_name = "service-catalog" 21 | 22 | cloud_source_artifacts_repo_name = "publish-artifacts" 23 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/artifact_registry/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | data "google_project" "project" { 18 | project_id = var.project_id 19 | } 20 | 21 | data "google_kms_crypto_key" "key" { 22 | name = local.key_name 23 | key_ring = var.kms_keyring 24 | } 25 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/assets/Composer/requirements.txt: -------------------------------------------------------------------------------- 1 | tensorflow-io-gcs-filesystem==0.25.0 2 | tensorflow-io==0.25.0 3 | google-cloud-bigquery<3.0.0,>=1.11.1 4 | pandas==2.0.3 5 | db-dtypes==1.2.0 6 | google-cloud-aiplatform==1.36.0 7 | google-cloud-storage==2.14.0 8 | protobuf==3.20.0 9 | 10 | # @task.sho 11 | # @task.branch(task_id="deployment_decision", dag=dag) 12 | # def deploy_dec(ti=None): 13 | # xcom_value = ti.xcom_pull(task_ids="model_evaluation")['return_value'] 14 | # if xcom_value == ('true',): 15 | # return "model_deployment" 16 | # else: 17 | # return None 18 | # branch_op = deploy_dec() 19 | 20 | #>> traindata_ingest_op >> wait_for_traindata_ingest_op 21 | # bqOperator >> evaldata_ingest_op >> wait_for_evaldata_ingest_op 22 | # [wait_for_traindata_ingest_op, wait_for_evaldata_ingest_op] >> training_op >> eval_op >> branch_op >> [deploy_op, None] >> monitoring_op 23 | 24 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/artifact_registry/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | region_short_code = { 19 | "us-central1" = "usc1" 20 | "us-east4" = "use4" 21 | } 22 | key_name = var.kms_key_name == "" ? data.google_project.project.name : var.kms_key_name 23 | } 24 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/assets/Vertexpipeline/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | # NOTE(review): kfp and google-cloud-pipeline-components on the RUN line are installed without a version pin, unlike the other packages; pin them (and consider referencing the base image by digest) so image builds are reproducible and auditable. 15 | FROM tensorflow/tensorflow:2.8.0 16 | RUN pip install tensorflow-io==0.25.0 protobuf==3.20.0 google-cloud-bigquery==3.13.0 pandas==2.0.3 db-dtypes==1.2.0 google-cloud-aiplatform==1.36.0 google-cloud-storage==2.14.0 kfp google-cloud-pipeline-components 17 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/shared.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | # We suggest using the same region as in the 0-bootstrap step 18 | default_region = "us-central1" 19 | 20 | cloud_source_service_catalog_repo_name = "service-catalog" 21 | 22 | cloud_source_artifacts_repo_name = "publish-artifacts" 23 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/assets/Vertexpipeline/components/bq_dataset_component/create_bq_dataset.sql: -------------------------------------------------------------------------------- 1 | /*################################################################################## 2 | # Copyright 2024 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # https://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | ###################################################################################*/ 16 | CREATE SCHEMA IF NOT EXISTS census_dataset 17 | -------------------------------------------------------------------------------- /1-org/envs/shared/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/secrets/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | /* Derived values for the secrets module: the location segment parsed out of var.kms_keyring, a fixed Pub/Sub topic name, and the KMS key name to use. */ 17 | locals { 18 | key_location = element(split("/", var.kms_keyring), 3) /* NOTE(review): takes segment 3 of the "/"-split keyring ID, presumably projects/<project>/locations/<location>/keyRings/<name> - confirm. element() wraps the index modulo the list length, so a short or malformed ID yields a wrong segment instead of an error; a validation block on var.kms_keyring would fail fast. */ 19 | pubsub_topic_name = "secret-rotation-notifications" 20 | key_name = var.kms_key_name == "" ? data.google_project.project.name : var.kms_key_name /* Empty var.kms_key_name falls back to the project's name. NOTE(review): presumably this selects the CMEK key for the secrets - verify that a key with that name exists in the keyring, otherwise the fallback points at nothing. */ 21 | } 22 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/development/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/production/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /0-bootstrap/modules/gitlab-oidc/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "pool_name" { 18 | description = "Pool name" 19 | value = google_iam_workload_identity_pool.main.name 20 | } 21 | 22 | output "provider_name" { 23 | description = "Provider name" 24 | value = google_iam_workload_identity_pool_provider.main.name 25 | } 26 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/nonproduction/providers.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | /****************************************** 18 | Provider request timeout configuration 19 | *****************************************/ 20 | provider "google" { 21 | request_timeout = "5m" 22 | } 23 | 24 | provider "google-beta" { 25 | request_timeout = "5m" 26 | } 27 | -------------------------------------------------------------------------------- /4-projects/modules/env_folders/business_unit_folder.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | env_business_unit_folder_name = "${var.folder_prefix}-${var.env}-${var.business_code}" 19 | } 20 | 21 | resource "google_folder" "env_business_unit" { 22 | display_name = local.env_business_unit_folder_name 23 | parent = local.env_folder_name 24 | } 25 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/notebook/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | /* Derived values for the notebook module: a resource name prefixed with the project's env_code label, a region computed from var.location, and the KMS key name to use. */ 17 | locals { 18 | name_var = format("%s-%s", data.google_project.project.labels.env_code, var.name) 19 | region = substr(var.location, 0, length(var.location) - 2) /* Drops the last two characters of var.location. NOTE(review): presumably var.location is a zone with a one-letter suffix such as "-a"; a region passed here would be silently truncated - confirm against the variable's description. */ 20 | key_name = var.kms_key_name == "" ? data.google_project.project.name : var.kms_key_name /* Empty var.kms_key_name falls back to the project's name. NOTE(review): presumably this selects the CMEK key for the notebook - verify that a key with that name exists before relying on the default. */ 21 | } 22 | -------------------------------------------------------------------------------- /1-org/modules/ml_kms_keyring/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | output "key_rings" { 18 | description = "Keyring Names created" 19 | value = values(module.kms_keyrings)[*].keyring 20 | } 21 | 22 | output "keys_by_region" { 23 | description = "Map of key name => key selflink, indexed by region" 24 | value = local.kms_keys_by_region 25 | } 26 | -------------------------------------------------------------------------------- /2-environments/modules/ml_kms_keyring/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "key_rings" { 18 | description = "Keyring Names created" 19 | value = values(module.kms_keyrings)[*].keyring 20 | } 21 | 22 | output "keys_by_region" { 23 | description = "Map of key name => key selflink, indexed by region" 24 | value = local.kms_keys_by_region 25 | } 26 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/shared/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /5-app-infra/projects/artifact-publish/modules/publish_artifacts/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | data "google_project" "project" { 18 | project_id = var.project_id 19 | } 20 | 21 | data "google_sourcerepo_repository" "artifacts_repo" { 22 | name = var.name 23 | project = var.project_id 24 | } 25 | 26 | data "google_client_openid_userinfo" "current_user" {} 27 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/modules/service_catalog/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | data "google_project" "project" { 18 | project_id = var.project_id 19 | } 20 | 21 | data "google_sourcerepo_repository" "artifacts_repo" { 22 | name = var.name 23 | project = var.project_id 24 | } 25 | 26 | data "google_client_openid_userinfo" "current_user" {} 27 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/development/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/production/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | /* Terraform and provider version constraints for this environment. NOTE(review): ">= 3.50" sets no upper bound, so an init without a lock file can select a new major release of the google / google-beta providers; the 4-projects versions.tf files cap the range with "< 6". Committing .terraform.lock.hcl pins exact versions and checksums for what runs in CI. */ 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/shared/versions.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | terraform { 16 | required_version = ">= 0.13" 17 | # Both providers are held below the next major release ("< 6"); the range is still wide, so the dependency lock file is what fixes the exact build that runs. 18 | required_providers { 19 | 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77, < 6" 23 | } 24 | 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.77, < 6" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /4-projects/modules/composer_env/versions.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | terraform { 16 | required_version = ">= 0.13" 17 | 18 | required_providers { 19 | 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77, < 6" 23 | } 24 | 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.77, < 6" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /3-networks-svpc/envs/nonproduction/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /4-projects/ml_business_unit/development/versions.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | terraform { 16 | required_version = ">= 0.13" 17 | 18 | required_providers { 19 | 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77, < 6" 23 | } 24 | 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.77, < 6" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /4-projects/modules/ml_single_project/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/env_folders/business_unit_folder.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | locals { 18 | env_business_unit_folder_name = "${var.folder_prefix}-${var.env}-${var.business_code}" 19 | } 20 | 21 | resource "google_folder" "env_business_unit" { 22 | display_name = local.env_business_unit_folder_name 23 | parent = local.env_folder_name 24 | } 25 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/production/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | business_unit = "ml_business_unit" 19 | business_code = "ml" 20 | env = "production" 21 | environment_code = "p" 22 | region_kms_keyring = [for i in local.env_keyrings : i if split("/", i)[3] == var.instance_region] 23 | } 24 | 25 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/nonproduction/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | business_unit = "ml_business_unit" 19 | business_code = "ml" 20 | env = "nonproduction" 21 | environment_code = "n" 22 | region_kms_keyring = [for i in local.env_keyrings : i if split("/", i)[3] == var.instance_region] 23 | } 24 | 25 | -------------------------------------------------------------------------------- /4-projects/modules/env_folders/remote.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | /* Looks up the environment folder from the state written by the environments step. */ 17 | locals { 18 | env_folder_name = data.terraform_remote_state.environments_env.outputs.env_folder 19 | } 20 | /* NOTE(review): terraform_remote_state needs read access to the whole state object in the GCS bucket, and that state can hold more than the one output used here; keep IAM on var.remote_state_bucket narrow and treat its contents as sensitive. */ 21 | data "terraform_remote_state" "environments_env" { 22 | backend = "gcs" 23 | 24 | config = { 25 | bucket = var.remote_state_bucket 26 | prefix = "terraform/environments/${var.env}" 27 | } 28 | } 29 | 30 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/artifact-publish/images/vertexpipeline:v2/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | FROM python:3.10 16 | # NOTE(review): python:3.10 is a mutable tag, and kfp and google-cloud-pipeline-components below carry no version pin, so two builds of this image can contain different code. Pin the base image by digest and every package by version (ideally from a hashed requirements file). No USER is set, so the container runs as root unless the runtime overrides it. 17 | RUN python3 -m pip install --no-cache-dir tensorflow-cpu==2.8.0 18 | RUN pip install tensorflow-io==0.25.0 protobuf==3.20.3 google-cloud-bigquery==3.13.0 pandas==2.0.3 db-dtypes==1.2.0 google-cloud-aiplatform==1.36.0 google-cloud-storage==2.14.0 kfp google-cloud-pipeline-components numpy==1.26.4 19 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/shared/versions.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | terraform { 16 | required_version = ">= 0.13" 17 | 18 | required_providers { 19 | 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77, < 6" 23 | } 24 | 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.77, < 6" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/ml_single_project/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.50" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.50" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/modules/service_catalog/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "storage_bucket_name" { 18 | description = "Name of storage bucket created" 19 | value = google_storage_bucket.bucket.name 20 | } 21 | 22 | output "cloudbuild_trigger_id" { 23 | description = "Id of Cloud Build Trigger" 24 | value = google_cloudbuild_trigger.zip_files.id 25 | } 26 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/bigquery/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | /* Derived values for the BigQuery module: a short hash of the project ID, a dataset resource name built from it, and the KMS key name to use. */ 17 | locals { 18 | project_hash = substr(sha256(data.google_project.project.project_id), 0, 6) /* First 6 hex characters of SHA-256(project_id). This is a naming suffix only: 24 bits derived from a non-secret input, so it gives neither secrecy nor collision resistance. */ 19 | name_var = "bq-${var.dataset_id}-${data.google_project.project.labels.env_code}-${local.project_hash}" 20 | key_name = var.kms_key_name == "" ? data.google_project.project.name : var.kms_key_name /* Empty var.kms_key_name falls back to the project's name. NOTE(review): presumably this selects the CMEK key for the dataset - verify that a key with that name exists before relying on the default. */ 21 | } 22 | -------------------------------------------------------------------------------- /docs/assets/terraform/1-org/ml_key_rings.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "kms_keyring" { 18 | source = "../../modules/ml_kms_keyring" 19 | 20 | keyring_admins = [ 21 | "serviceAccount:${local.projects_step_terraform_service_account_email}" 22 | ] 23 | project_id = module.org_kms.project_id 24 | keyring_regions = var.keyring_regions 25 | keyring_name = var.keyring_name 26 | } 27 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/ml_business_unit/development/versions.tf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | terraform { 16 | required_version = ">= 0.13" 17 | 18 | required_providers { 19 | 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77, < 6" 23 | } 24 | 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.77, < 6" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /4-projects/modules/env_folders/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022-2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | random = { 21 | source = "hashicorp/random" 22 | version = ">= 3.3" 23 | } 24 | } 25 | 26 | provider_meta "google" { 27 | module_name = "blueprints/terraform/terraform-google-enterprise-genai:projects/v0.0.1" 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/bucket/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | key_name = var.kms_key_name == "" ? 
data.google_project.project.name : var.kms_key_name 19 | } 20 | 21 | data "google_project" "project" { 22 | project_id = var.project_id 23 | } 24 | 25 | data "google_kms_crypto_key" "key" { 26 | name = local.key_name 27 | key_ring = var.kms_keyring 28 | } 29 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/pubsub/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | key_name = var.kms_key_name == "" ? data.google_project.project.name : var.kms_key_name 19 | } 20 | 21 | data "google_project" "project" { 22 | project_id = var.project_id 23 | } 24 | 25 | data "google_kms_crypto_key" "key" { 26 | name = local.key_name 27 | key_ring = var.kms_keyring 28 | } 29 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/bigquery/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "bigquery" { 18 | source = "terraform-google-modules/bigquery/google" 19 | version = "7.0.0" 20 | dataset_id = var.dataset_id 21 | project_id = data.google_project.project.project_id 22 | location = var.region 23 | encryption_key = data.google_kms_crypto_key.key.id 24 | } 25 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/tensorboard/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | key_name = var.kms_key_name == "" ? 
data.google_project.project.name : var.kms_key_name 19 | } 20 | 21 | data "google_project" "project" { 22 | project_id = var.project_id 23 | } 24 | 25 | data "google_kms_crypto_key" "key" { 26 | name = local.key_name 27 | key_ring = var.kms_keyring 28 | } 29 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/common.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | instance_region = "us-central1" // should be one of the regions used to create network on step 3-networks 18 | 19 | remote_state_bucket = "REMOTE_STATE_BUCKET" 20 | 21 | #github_app_installation_id = "GITHUB_APP_ID" 22 | 23 | #github_remote_uri = "GITHUB_REMOTE_URI" 24 | 25 | seed_state_bucket = "REPLACE_SEED_TFSTATE_BUCKET" -------------------------------------------------------------------------------- /2-environments/modules/env_baseline/iam.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */

/******************************************
  Monitoring - IAM
 *****************************************/

// Grants roles/monitoring.editor on the monitoring project to the group named
// in var.monitoring_workspace_users.
// google_project_iam_member is additive: it binds this one member to the role
// and leaves any other members of the same role in place.
resource "google_project_iam_member" "monitoring_editor" {
  project = module.monitoring_project.project_id
  role    = "roles/monitoring.editor"
  // The "group:" prefix is fixed here, so the variable has to hold a group
  // address rather than a user or service account.
  member = "group:${var.monitoring_workspace_users}"
}
-------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/ml_business_unit/shared/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
15 | */ 16 | 17 | output "storage_bucket_name" { 18 | description = "Name of storage bucket created" 19 | value = module.service_catalog.storage_bucket_name 20 | } 21 | 22 | output "cloudbuild_trigger_id" { 23 | description = "Id of Cloud Build Trigger" 24 | value = module.service_catalog.cloudbuild_trigger_id 25 | } 26 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/metadata/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | key_name = var.kms_key_name == "" ? data.google_project.project.name : var.kms_key_name 19 | } 20 | 21 | data "google_project" "project" { 22 | project_id = var.project_id 23 | } 24 | 25 | data "google_kms_crypto_key" "key" { 26 | name = local.key_name 27 | key_ring = var.kms_keyring 28 | } 29 | 30 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/env_folders/remote.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | env_folder_name = data.terraform_remote_state.environments_env.outputs.env_folder 19 | } 20 | 21 | data "terraform_remote_state" "environments_env" { 22 | backend = "gcs" 23 | 24 | config = { 25 | bucket = var.remote_state_bucket 26 | prefix = "terraform/environments/${var.env}" 27 | } 28 | } 29 | 30 | -------------------------------------------------------------------------------- /.github/trusted-contribution.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | annotations: 19 | - type: comment 20 | text: "/gcbrun" 21 | trustedContributors: 22 | - release-please[bot] 23 | - renovate[bot] 24 | - renovate-bot 25 | - forking-renovate[bot] 26 | - dependabot[bot] 27 | -------------------------------------------------------------------------------- /test/integration/testutils/transforms.go: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
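package testutils

import (
	"github.com/tidwall/gjson"
)

// GetResultFieldStrSlice returns the string value of field for every element
// of rs, in input order.
//
// Each element is queried with Get(field) and converted with String(). The
// returned slice is never nil; it is empty when rs is empty.
// NOTE(review): an element that lacks the field presumably contributes an
// empty string rather than an error, so a caller asserting on the result
// cannot tell "missing" from "empty" — confirm against gjson.
func GetResultFieldStrSlice(rs []gjson.Result, field string) []string {
	// The final length is known, so allocate once instead of growing on append.
	s := make([]string, 0, len(rs))
	for _, r := range rs {
		s = append(s, r.Get(field).String())
	}
	return s
}
-------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/env_folders/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022-2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.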
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 5.42" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 5.42" 27 | } 28 | random = { 29 | source = "hashicorp/random" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /4-projects/modules/single_project/remote.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | locals { 18 | environment_kms_project_id = try(data.terraform_remote_state.environments_env.outputs.env_kms_project_id, "") 19 | } 20 | 21 | data "terraform_remote_state" "environments_env" { 22 | backend = "gcs" 23 | 24 | config = { 25 | bucket = var.remote_state_bucket 26 | prefix = "terraform/environments/${var.environment}" 27 | } 28 | } 29 | 30 | -------------------------------------------------------------------------------- /3-networks-svpc/modules/base_env/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | 18 | data "google_netblock_ip_ranges" "legacy_health_checkers" { 19 | range_type = "legacy-health-checkers" 20 | } 21 | 22 | data "google_netblock_ip_ranges" "health_checkers" { 23 | range_type = "health-checkers" 24 | } 25 | 26 | // Cloud IAP's TCP forwarding netblock 27 | data "google_netblock_ip_ranges" "iap_forwarders" { 28 | range_type = "iap-forwarders" 29 | } 30 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/metadata/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "google_vertex_ai_metadata_store" "store" { 18 | name = var.name 19 | provider = google-beta 20 | description = "Vertex Metadata store" 21 | region = var.region 22 | project = data.google_project.project.project_id 23 | encryption_spec { 24 | kms_key_name = data.google_kms_crypto_key.key.id 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /0-bootstrap/modules/cb-private-pool/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.77" 27 | } 28 | random = { 29 | source = "hashicorp/random" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /0-bootstrap/modules/parent-iam-member/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | google = { 21 | source = "hashicorp/google" 22 | version = ">= 3.77" 23 | } 24 | google-beta = { 25 | source = "hashicorp/google-beta" 26 | version = ">= 3.77" 27 | } 28 | random = { 29 | source = "hashicorp/random" 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/secrets/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | data "google_project" "project" { 18 | project_id = var.project_id 19 | } 20 | 21 | data "google_kms_crypto_key" "key" { 22 | name = local.key_name 23 | key_ring = var.kms_keyring 24 | } 25 | 26 | data "google_pubsub_topic" "secret_rotations" { 27 | name = local.pubsub_topic_name 28 | project = data.google_project.project.project_id 29 | } 30 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/ml_business_unit/shared/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | bucket\_force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no | 7 | | instance\_region | The region where compute instance will be created. A subnetwork must exists in the instance region. | `string` | `"us-central1"` | no | 8 | | log\_bucket | Log bucket to be used by Service Catalog Bucket | `string` | n/a | yes | 9 | | remote\_state\_bucket | Backend bucket to load remote state information from previous steps. | `string` | n/a | yes | 10 | 11 | ## Outputs 12 | 13 | | Name | Description | 14 | |------|-------------| 15 | | cloudbuild\_trigger\_id | Id of Cloud Build Trigger | 16 | | storage\_bucket\_name | Name of storage bucket created | 17 | 18 | 19 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/tensorboard/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | resource "google_vertex_ai_tensorboard" "tensorboard" { 18 | display_name = var.name 19 | description = "Vertex tensorboard instance with cmek" 20 | labels = {} 21 | region = var.region 22 | project = data.google_project.project.project_id 23 | encryption_spec { 24 | kms_key_name = data.google_kms_crypto_key.key.id 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/terraform.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2025 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | instance_region = "us-central1" // should be one of the regions used to create network on step 3-networks 18 | 19 | remote_state_bucket = "REMOTE_STATE_BUCKET" 20 | 21 | log_bucket = "REPLACE_LOG_BUCKET" 22 | 23 | # github_ api_ token = "GITHUB_APP_TOKEN" 24 | 25 | # github_app_installation_id = "GITHUB_APP_ID" 26 | 27 | # github_remote_uri = "GITHUB_REMOTE_URI" 28 | 29 | -------------------------------------------------------------------------------- /2-environments/envs/development/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "env" { 18 | source = "../../modules/env_baseline" 19 | 20 | env = "development" 21 | environment_code = "d" 22 | monitoring_workspace_users = var.monitoring_workspace_users 23 | remote_state_bucket = var.remote_state_bucket 24 | tfc_org_name = var.tfc_org_name 25 | kms_prevent_destroy = var.kms_prevent_destroy 26 | } 27 | -------------------------------------------------------------------------------- /3-networks-svpc/shared.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // List of IPv4 address of target name servers for the forwarding zone configuration. 18 | // See https://cloud.google.com/dns/docs/overview#dns-forwarding-zones 19 | target_name_server_addresses = [ 20 | { 21 | ipv4_address = "192.168.0.1", 22 | forwarding_path = "default" 23 | }, 24 | { 25 | ipv4_address = "192.168.0.2", 26 | forwarding_path = "default" 27 | } 28 | ] 29 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/composer/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | name = "isolated-composer-env10" 2 | environment = "development" 3 | project_id = "prj-c-composer" 4 | cmek_project_id = "prj-c-bu3cmek-wo8w" 5 | region = "us-central1" 6 | maintenance_window = { 7 | start_time = "2023-01-01T01:00:00Z" 8 | end_time = "2023-01-01T13:00:00Z" 9 | recurrence = "FREQ=WEEKLY;BYDAY=SU" 10 | } 11 | airflow_config_overrides = { "core-dags_are_paused_at_creation" = "True" } 12 | env_variables = { "EXAMPLE_VAR" = "value" } 13 | image_version = "composer-2.5.2-airflow-2.6.3" 14 | 15 | web_server_allowed_ip_ranges = [ 16 | { 17 | value = "192.168.100.0/24" 18 | description = "Office network" 19 | }, 20 | { 21 | value = "192.168.101.0/24" 22 | description = "Home network" 23 | } 24 | ] 25 | 26 | github_name_prefix = "github-composer-cloudbuild" 27 | github_app_installation_id = "APP_INSTALATION_ID_HERE" 28 | github_api_token = "GITHUB_API_TOKEN_HERE" 29 | github_remote_uri 
= "LINK_TO_GITHUB_REPO_CONTAINING_DAGS" 30 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/development/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | github\_app\_installation\_id | The app installation ID that was created when installing Google Cloud Build in Github: https://github.com/apps/google-cloud-build | `number` | `null` | no | 7 | | github\_remote\_uri | The remote uri of your github repository | `string` | `null` | no | 8 | | instance\_region | The region where the notebook instance will be created. A subnetwork must exist in the instance region. | `string` | n/a | yes | 9 | | remote\_state\_bucket | Backend bucket to load remote state information from previous steps. | `string` | n/a | yes | 10 | | repository\_id | Common artifacts repository id | `string` | `"c-publish-artifacts"` | no | 11 | | seed\_state\_bucket | Remote state bucket from 0-bootstrap | `string` | n/a | yes | 12 | 13 | ## Outputs 14 | 15 | No outputs. 16 | 17 | 18 | -------------------------------------------------------------------------------- /2-environments/envs/nonproduction/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "env" { 18 | source = "../../modules/env_baseline" 19 | 20 | env = "nonproduction" 21 | environment_code = "n" 22 | monitoring_workspace_users = var.monitoring_workspace_users 23 | remote_state_bucket = var.remote_state_bucket 24 | tfc_org_name = var.tfc_org_name 25 | kms_prevent_destroy = var.kms_prevent_destroy 26 | } 27 | -------------------------------------------------------------------------------- /5-app-infra/projects/service-catalog/modules/service_catalog/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | locals { 18 | current_user_email = data.google_client_openid_userinfo.current_user.email 19 | current_user_domain = split("@", local.current_user_email)[1] 20 | current_member = strcontains(local.current_user_domain, "iam.gserviceaccount.com") ? 
"serviceAccount:${local.current_user_email}" : "user:${local.current_user_email}" 21 | log_bucket_prefix = "bkt" 22 | } 23 | -------------------------------------------------------------------------------- /policy-library/policies/constraints/gke_allow_only_private_cluster.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC 16 | kind: GCPGKEPrivateClusterConstraintV1 17 | metadata: 18 | name: allow_only_private_cluster 19 | annotations: 20 | benchmark: GKE_HARDENING_GUIDELINE 21 | bundles.validator.forsetisecurity.org/scorecard-v1: security 22 | description: Verifies all GKE clusters are Private Clusters. 
23 | spec: 24 | severity: high 25 | parameters: {} 26 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/tensorboard/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | kms\_key\_name | The KMS key to be used on the keyring; if not specified, the default key created in the 4-projects step is used. | `string` | `""` | no | 7 | | kms\_keyring | The KMS keyring that will be used when selecting the KMS key; preferably this should be in the same region and the same environment as the other resources.
This value can be obtained by running "gcloud kms keyrings list --project=KMS\_PROJECT\_ID --location=REGION." | `string` | n/a | yes | 8 | | name | The name of the tensorboard. | `string` | n/a | yes | 9 | | project\_id | Project ID. | `string` | n/a | yes | 10 | | region | The resource region, one of [us-central1, us-east4]. | `string` | `"us-central1"` | no | 11 | 12 | ## Outputs 13 | 14 | | Name | Description | 15 | |------|-------------| 16 | | vertex\_ai\_tensorboard | TensorBoard resource. | 17 | 18 | 19 | -------------------------------------------------------------------------------- /policy-library/policies/constraints/require_dnssec.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2023 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | 16 | #Control ID: DNS-CO-6.1 17 | #NIST 800-53: SC-7 SC-8 18 | #CRI Profile: PR.AC-5.1 PR.AC-5.2 PR.DS-2.1 PR.DS-2.2 PR.DS-5.1 PR.PT-4.1 DE.CM-1.1 DE.CM-1.2 DE.CM-1.3 DE.CM-1.4 19 | apiVersion: constraints.gatekeeper.sh/v1alpha1 20 | kind: GCPDNSSECConstraintV1 21 | metadata: 22 | name: require_dnssec 23 | annotations: 24 | description: Checks that DNSSEC is enabled for a Cloud DNS managed zone. 
25 | spec: 26 | severity: high 27 | parameters: {} 28 | -------------------------------------------------------------------------------- /3-networks-svpc/common.auto.example.tfvars: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // The DNS name of the peering managed zone. Must end with a period. 18 | domain = "example.com." 19 | 20 | // Update the following line and add your email to the perimeter_additional_members list. 21 | // You must be in this list to be able to view/access resources in the project protected by the VPC service controls. 22 | 23 | perimeter_additional_members = ["user:YOUR-USER-EMAIL@example.com"] 24 | 25 | remote_state_bucket = "REMOTE_STATE_BUCKET" 26 | -------------------------------------------------------------------------------- /0-bootstrap/modules/jenkins-agent/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 3.50" 24 | } 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.50" 28 | } 29 | random = { 30 | source = "hashicorp/random" 31 | } 32 | template = { 33 | source = "hashicorp/template" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /5-app-infra/source_repos/service-catalog/modules/metadata/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | kms\_key\_name | The KMS key to be used on the keyring; if not specified, the default key created in the 4-projects step is used. | `string` | `""` | no | 7 | | kms\_keyring | The KMS keyring that will be used when selecting the KMS key; preferably this should be in the same region and the same environment as the other resources.
This value can be obtained by running "gcloud kms keyrings list --project=KMS\_PROJECT\_ID --location=REGION." | `string` | n/a | yes | 8 | | name | The name of the metadata store instance. | `string` | n/a | yes | 9 | | project\_id | Project ID. | `string` | n/a | yes | 10 | | region | The resource region, one of [us-central1, us-east4]. | `string` | `"us-central1"` | no | 11 | 12 | ## Outputs 13 | 14 | | Name | Description | 15 | |------|-------------| 16 | | vertex\_ai\_metadata\_store | Vertex AI Metadata Store. | 17 | 18 | 19 | -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | // For format details, see https://aka.ms/devcontainer.json. For config options, see the 2 | // README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile 3 | { 4 | "name": "BootStrap", 5 | "build": { 6 | // Sets the run context to one level up instead of the .devcontainer folder. 7 | "context": "..", 8 | // Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename. 9 | "dockerfile": "../Dockerfile-dev" 10 | } 11 | 12 | // Features to add to the dev container. More info: https://containers.dev/features. 13 | // "features": {}, 14 | 15 | // Use 'forwardPorts' to make a list of ports inside the container available locally. 16 | // "forwardPorts": [], 17 | 18 | // Uncomment the next line to run commands after the container is created. 19 | // "postCreateCommand": "cat /etc/os-release", 20 | 21 | // Configure tool-specific properties. 22 | // "customizations": {}, 23 | 24 | // Uncomment to connect as an existing user other than the container default. More info: https://aka.ms/dev-containers-non-root. 
25 | // "remoteUser": "devcontainer" 26 | } 27 | -------------------------------------------------------------------------------- /1-org/envs/shared/ml_key_rings.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // Creates a keyring for each region (us-central1, us-east4) 18 | module "kms_keyring" { 19 | source = "../../modules/ml_kms_keyring" 20 | 21 | keyring_admins = [ 22 | "serviceAccount:${local.projects_step_terraform_service_account_email}" 23 | ] 24 | 25 | project_id = module.org_kms.project_id 26 | keyring_regions = var.keyring_regions 27 | keyring_name = var.keyring_name 28 | kms_prevent_destroy = var.kms_prevent_destroy 29 | } 30 | -------------------------------------------------------------------------------- /4-projects/modules/ml_env/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | random = { 21 | source = "hashicorp/random" 22 | version = ">= 3.3" 23 | } 24 | } 25 | 26 | provider_meta "google" { 27 | module_name = "blueprints/terraform/terraform-google-enterprise-genai:projects/v0.0.1" 28 | } 29 | 30 | provider_meta "google-beta" { 31 | module_name = "blueprints/terraform/terraform-google-enterprise-genai:projects/v0.0.1" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /3-networks-svpc/modules/hierarchical_firewall_policy/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Inputs 3 | 4 | | Name | Description | Type | Default | Required | 5 | |------|-------------|------|---------|:--------:| 6 | | associations | Resources to associate the policy to | `list(string)` | n/a | yes | 7 | | name | Hierarchical policy name | `string` | n/a | yes | 8 | | parent | Where the firewall policy will be created (can be organizations/{organization\_id} or folders/{folder\_id}) | `string` | n/a | yes | 9 | | rules | Firewall rules to add to the policy |
map(object({
description = string
direction = string
action = string
priority = number
ranges = list(string)
ports = map(list(string))
target_service_accounts = list(string)
target_resources = list(string)
logging = bool
}))
| `{}` | no | 10 | 11 | ## Outputs 12 | 13 | | Name | Description | 14 | |------|-------------| 15 | | id | n/a | 16 | 17 | 18 | -------------------------------------------------------------------------------- /policy-library/lib/constraints.rego: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2021 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | package validator.gcp.lib 18 | 19 | # Function to fetch the constraint spec 20 | # Usage: 21 | # get_constraint_params(constraint, params) 22 | 23 | get_constraint_params(constraint) = params { 24 | params := constraint.spec.parameters 25 | } 26 | 27 | # Function to fetch constraint info 28 | # Usage: 29 | # get_constraint_info(constraint, info) 30 | 31 | get_constraint_info(constraint) = info { 32 | info := { 33 | "name": constraint.metadata.name, 34 | "kind": constraint.kind, 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /policy-library/policies/constraints/sql_ssl.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC 16 | kind: GCPSQLSSLConstraintV1 17 | metadata: 18 | name: require_sql_ssl 19 | annotations: 20 | bundles.validator.forsetisecurity.org/scorecard-v1: security 21 | # This constraint has not been validated by the formal CIS certification process. 22 | bundles.validator.forsetisecurity.org/cis-v1.1: 6.01 23 | description: Checks if Cloud SQL instances have SSL turned on. 24 | spec: 25 | severity: high 26 | parameters: {} 27 | -------------------------------------------------------------------------------- /docs/assets/terraform/4-projects/modules/ml_env/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 1.3" 19 | required_providers { 20 | random = { 21 | source = "hashicorp/random" 22 | version = ">= 3.3" 23 | } 24 | } 25 | 26 | provider_meta "google" { 27 | module_name = "blueprints/terraform/terraform-google-enterprise-genai:projects/v0.0.1" 28 | } 29 | 30 | provider_meta "google-beta" { 31 | module_name = "blueprints/terraform/terraform-google-enterprise-genai:projects/v0.0.1" 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /3-networks-svpc/modules/base_shared_vpc/private_service_connect.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | 18 | module "private_service_connect" { 19 | source = "terraform-google-modules/network/google//modules/private-service-connect" 20 | version = "~> 7.0" 21 | 22 | project_id = var.project_id 23 | dns_code = "dz-${var.environment_code}-shared-base" 24 | network_self_link = module.main.network_self_link 25 | private_service_connect_ip = var.private_service_connect_ip 26 | forwarding_rule_target = "all-apis" 27 | } 28 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/ml_business_unit/development/locals.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2021 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | locals { 18 | business_unit = "ml_business_unit" 19 | business_code = "ml" 20 | env = "development" 21 | environment_code = "d" 22 | region_kms_keyring = [for i in local.env_keyrings : i if split("/", i)[3] == var.instance_region] 23 | roles = [ 24 | "roles/bigquery.admin", 25 | "roles/dataflow.admin", 26 | "roles/dataflow.worker", 27 | "roles/storage.admin", 28 | "roles/aiplatform.admin", 29 | ] 30 | } 31 | 32 | -------------------------------------------------------------------------------- /examples/machine-learning-pipeline/modules/base_env/data.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | data "google_project" "project" { 18 | project_id = var.project_id 19 | } 20 | 21 | data "google_service_account" "nonproduction" { 22 | project = var.non_production_project_id 23 | account_id = "${var.non_production_project_number}-compute@developer.gserviceaccount.com" 24 | } 25 | 26 | data "google_service_account" "production" { 27 | project = var.production_project_id 28 | account_id = "${var.production_project_number}-compute@developer.gserviceaccount.com" 29 | } 30 | -------------------------------------------------------------------------------- /3-networks-svpc/modules/restricted_shared_vpc/private_service_connect.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2022 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | 18 | module "private_service_connect" { 19 | source = "terraform-google-modules/network/google//modules/private-service-connect" 20 | version = "~> 7.0" 21 | 22 | project_id = var.project_id 23 | dns_code = "dz-${var.environment_code}-shared-restricted" 24 | network_self_link = module.main.network_self_link 25 | private_service_connect_ip = var.private_service_connect_ip 26 | forwarding_rule_target = "vpc-sc" 27 | } 28 | -------------------------------------------------------------------------------- /policy-library/policies/constraints/appengine_versions.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC 16 | kind: GCPAppEngineServiceVersionsConstraintV1 17 | metadata: 18 | name: service_versions 19 | annotations: 20 | bundles.validator.forsetisecurity.org/scorecard-v1: operational-efficiency 21 | description: "Limit the number App Engine application versions simultaneously 22 | running. installed." 
23 | spec: 24 | match: 25 | target: # {"$ref":"#/definitions/io.k8s.cli.setters.target"} 26 | - organizations/** 27 | parameters: {} 28 | -------------------------------------------------------------------------------- /policy-library/policies/constraints/gke_node_pool_auto_repair.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # 15 | apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC 16 | kind: GCPGKENodeAutoRepairConstraintV1 17 | metadata: 18 | name: enable_auto_repair 19 | annotations: 20 | description: "Ensure automatic node repair is enabled on all node pools in a GKE 21 | cluster" 22 | # This constraint is not certified by CIS. 23 | bundles.validator.forsetisecurity.org/cis-v1.1: 7.07 24 | bundles.validator.forsetisecurity.org/scorecard-v1: security 25 | spec: 26 | severity: high 27 | parameters: {} 28 | -------------------------------------------------------------------------------- /4-projects/modules/ml_env/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
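* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

# Re-exports the project_id of the machine_learning_project module.
# The description previously read "Project machine learning project."; it now
# names the value, in line with the project_number output below.
output "machine_learning_project_id" {
  description = "Project ID of machine learning project."
  value       = module.machine_learning_project.project_id
}

# Re-exports the project_number of the machine_learning_project module.
output "machine_learning_project_number" {
  description = "Project number of machine learning project."
  value       = module.machine_learning_project.project_number
}

# Re-exports the kms_keys output of the machine_learning_project module.
# NOTE(review): the description says "Key ID" (singular) while the value is
# named kms_keys; whether this is one ID or a collection is not visible here.
output "machine_learning_kms_keys" {
  description = "Key ID for the machine learning project."
  value       = module.machine_learning_project.kms_keys
}

--------------------------------------------------------------------------------
/4-projects/modules/ml_kms_key/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Key rings the project key is attached to. Required: there is no default.
variable "key_rings" {
  description = "Keyrings to attach project key to."
  type        = list(string)
}

# Project name. Required: there is no default.
variable "project_name" {
  description = "Project Name."
  type        = string
}

# Rotation period as a duration string. The default "7776000s" is 90 days
# (90 * 86400 seconds); the type is string so the value keeps its "s" suffix.
# NOTE(review): there is no validation block, so any string is accepted at this
# layer and a caller can set an arbitrarily long period. Presumably the KMS API
# rejects malformed values; confirm, and consider validating format and range.
variable "key_rotation_period" {
  description = "Rotation period in seconds to be used for KMS Key."
  type        = string
  default     = "7776000s"
}

# Required flag (no default): every caller states explicitly whether the key is
# protected from destruction.
# NOTE(review): how the module applies this flag is not visible here; confirm
# that environments holding real data pass true, since data encrypted under a
# destroyed key cannot be recovered.
variable "prevent_destroy" {
  description = "Prevent Key destruction."
  type        = bool
}

--------------------------------------------------------------------------------
/policy-library/policies/constraints/dnssec_prevent_rsasha1_ksk.yaml:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Flags Cloud DNS DNSSEC configurations whose key-signing key uses RSASHA1.
# RSASHA1 signs with SHA-1, which is no longer considered collision-resistant.
apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC
kind: GCPDNSSECPreventRSASHA1ConstraintV1
metadata:
  name: dnssec_prevent_rsasha1_ksk
  annotations:
    description: Ensure that RSASHA1 is not used for key-signing key in Cloud DNS
    # This constraint is not certified by CIS.
    bundles.validator.forsetisecurity.org/cis-v1.1: 3.04
    bundles.validator.forsetisecurity.org/scorecard-v1: security
# NOTE(review): there is no match block here, unlike gke_restrict_pod_traffic.yaml,
# which targets organizations/** explicitly. Confirm that the default scope
# covers every project that hosts DNS zones.
spec:
  severity: high
  parameters:
    # Same constraint kind as dnssec_prevent_rsasha1_zsk.yaml; keyType selects
    # which of the two DNSSEC keys is checked.
    keyType: KEY_SIGNING

--------------------------------------------------------------------------------
/policy-library/policies/constraints/dnssec_prevent_rsasha1_zsk.yaml:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Flags Cloud DNS DNSSEC configurations whose zone-signing key uses RSASHA1.
# RSASHA1 signs with SHA-1, which is no longer considered collision-resistant.
apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC
kind: GCPDNSSECPreventRSASHA1ConstraintV1
metadata:
  name: dnssec_prevent_rsasha1_zsk
  annotations:
    description: Ensure that RSASHA1 is not used for zone-signing key in Cloud DNS
    # This constraint is not certified by CIS.
    bundles.validator.forsetisecurity.org/cis-v1.1: 3.05
    bundles.validator.forsetisecurity.org/scorecard-v1: security
# NOTE(review): there is no match block here, unlike gke_restrict_pod_traffic.yaml,
# which targets organizations/** explicitly. Confirm that the default scope
# covers every project that hosts DNS zones.
spec:
  severity: high
  parameters:
    # Same constraint kind as dnssec_prevent_rsasha1_ksk.yaml; keyType selects
    # which of the two DNSSEC keys is checked.
    keyType: ZONE_SIGNING

--------------------------------------------------------------------------------
/policy-library/policies/constraints/gke_restrict_pod_traffic.yaml:
--------------------------------------------------------------------------------
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apiVersion: constraints.gatekeeper.sh/v1alpha1 # Copyright 2019 Google LLC
kind: GCPGKERestrictPodTrafficConstraintV1
metadata:
  name: gke_restrict_pod_traffic
  annotations:
    benchmark: GKE_HARDENING_GUIDELINE
    bundles.validator.forsetisecurity.org/scorecard-v1: security
    # NOTE(review): per the description this checks that a Network Policy is
    # installed; presumably it does not inspect the policy rules themselves, so
    # a passing cluster can still allow all pod-to-pod traffic. Confirm against
    # the constraint template.
    description: Checks that GKE clusters have a Network Policy installed.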
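# Tail of gke_restrict_pod_traffic.yaml: severity and scope of the constraint.
spec:
  severity: high
  match:
    # organizations/** is the widest target pattern: no folder or project is
    # carved out of this check here.
    target: # {"$ref":"#/definitions/io.k8s.cli.setters.target"}
    - organizations/**
  parameters: {}

--------------------------------------------------------------------------------
/docs/assets/terraform/4-projects/modules/ml_env/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Re-exports the project_id of the machine_learning_project module.
# The description previously read "Project machine learning project."; it now
# names the value, in line with the project_number output below.
output "machine_learning_project_id" {
  description = "Project ID of machine learning project."
  value       = module.machine_learning_project.project_id
}

# Re-exports the project_number of the machine_learning_project module.
output "machine_learning_project_number" {
  description = "Project number of machine learning project."
  value       = module.machine_learning_project.project_number
}

# Re-exports the kms_keys output of the machine_learning_project module.
# NOTE(review): the description says "Key ID" (singular) while the value is
# named kms_keys; whether this is one ID or a collection is not visible here.
output "machine_learning_kms_keys" {
  description = "Key ID for the machine learning project."
  value       = module.machine_learning_project.kms_keys
}

--------------------------------------------------------------------------------
/docs/assets/terraform/4-projects/modules/ml_kms_key/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.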
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

# Key rings the project key is attached to. Required: there is no default.
variable "key_rings" {
  description = "Keyrings to attach project key to."
  type        = list(string)
}

# Project name. Required: there is no default.
variable "project_name" {
  description = "Project Name."
  type        = string
}

# Rotation period as a duration string. The default "7776000s" is 90 days
# (90 * 86400 seconds); the type is string so the value keeps its "s" suffix.
# NOTE(review): there is no validation block, so any string is accepted at this
# layer and a caller can set an arbitrarily long period. Presumably the KMS API
# rejects malformed values; confirm, and consider validating format and range.
variable "key_rotation_period" {
  description = "Rotation period in seconds to be used for KMS Key."
  type        = string
  default     = "7776000s"
}

# Required flag (no default): every caller states explicitly whether the key is
# protected from destruction.
# NOTE(review): how the module applies this flag is not visible here; confirm
# that environments holding real data pass true, since data encrypted under a
# destroyed key cannot be recovered.
variable "prevent_destroy" {
  description = "Prevent Key destruction."
  type        = bool
}

--------------------------------------------------------------------------------
/1-org/.gitignore:
--------------------------------------------------------------------------------
# OSX leaves these everywhere on SMB shares
._*

# OSX trash
.DS_Store

# Python
*.pyc

# Emacs save files
*~
\#*\#
.\#*

# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
**/.terraform/*

# .tfstate files
# State records resource attributes in plain text, which can include secrets;
# it belongs in the configured backend, never in git.
*.tfstate
*.tfstate.*

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# NOTE: the pattern above is commented out, so every *.tfvars file is tracked.
# Keep secrets and keys out of .tfvars files.

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
.idea/
.vscode/
# Kitchen files
**/inspec.lock
**.gem
**/.kitchen
**/.kitchen.local.yml
**/Gemfile.lock

# Credential file (presumably a downloaded key); must stay out of version control.
# An ignore rule does not untrack a file that was already committed.
credentials.json

# File to populate env vars used by Docker test runs
.envrc

--------------------------------------------------------------------------------
/0-bootstrap/.gitignore:
--------------------------------------------------------------------------------
# OSX leaves these everywhere on SMB shares
._*

# OSX trash
.DS_Store

# Python
*.pyc

# Emacs save files
*~
\#*\#
.\#*

# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
**/.terraform/*

# .tfstate files
# State records resource attributes in plain text, which can include secrets;
# it belongs in the configured backend, never in git.
*.tfstate
*.tfstate.*

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# NOTE: the pattern above is commented out, so every *.tfvars file is tracked.
# Keep secrets and keys out of .tfvars files.

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
.idea/
.vscode/
# Kitchen files
**/inspec.lock
**.gem
**/.kitchen
**/.kitchen.local.yml
**/Gemfile.lock

# Credential file (presumably a downloaded key); must stay out of version control.
# An ignore rule does not untrack a file that was already committed.
credentials.json

# File to populate env vars used by Docker test runs
.envrc

--------------------------------------------------------------------------------
/2-environments/.gitignore:
--------------------------------------------------------------------------------
# OSX leaves these everywhere on SMB shares
._*

# OSX trash
.DS_Store

# Python
*.pyc

# Emacs save files
*~
\#*\#
.\#*

# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
**/.terraform/*

# .tfstate files
# State records resource attributes in plain text, which can include secrets;
# it belongs in the configured backend, never in git.
*.tfstate
*.tfstate.*

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# NOTE: the pattern above is commented out, so every *.tfvars file is tracked.
# Keep secrets and keys out of .tfvars files.

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
.idea/
.vscode/
# Kitchen files
**/inspec.lock
**.gem
**/.kitchen
**/.kitchen.local.yml
**/Gemfile.lock

# Credential file (presumably a downloaded key); must stay out of version control.
# An ignore rule does not untrack a file that was already committed.
credentials.json

# File to populate env vars used by Docker test runs
.envrc

--------------------------------------------------------------------------------
/3-networks-svpc/.gitignore:
--------------------------------------------------------------------------------
# OSX leaves these everywhere on SMB shares
._*

# OSX trash
.DS_Store

# Python
*.pyc

# Emacs save files
*~
\#*\#
.\#*

# Vim-related files
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
**/.terraform/*

# .tfstate files
# State records resource attributes in plain text, which can include secrets;
# it belongs in the configured backend, never in git.
*.tfstate
*.tfstate.*

# Crash log files
crash.log

# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# NOTE: the pattern above is commented out, so every *.tfvars file is tracked.
# Keep secrets and keys out of .tfvars files.

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
.idea/
.vscode/
# Kitchen files
**/inspec.lock
**.gem
**/.kitchen
**/.kitchen.local.yml
**/Gemfile.lock

# Credential file (presumably a downloaded key); must stay out of version control.
# An ignore rule does not untrack a file that was already committed.
credentials.json

# File to populate env vars used by Docker test runs
.envrc

--------------------------------------------------------------------------------
/5-app-infra/projects/artifact-publish/ml_business_unit/shared/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Terraform CLI and provider version constraints for this configuration.
# NOTE(review): these are ranges, not pins. The provider build that actually
# runs is resolved at `terraform init`; commit the dependency lock file
# (.terraform.lock.hcl, written by Terraform 0.14 and later) so every run
# resolves the same versions and checksums.
terraform {
  # Lower bound only: any Terraform CLI from 0.13 upward is accepted.
  required_version = ">= 0.13"

  required_providers {

    google = {
      source = "hashicorp/google"
      # Accepts 3.77 up to, but not including, 6.0: three major versions.
      version = ">= 3.77, < 6"
    }

    google-beta = {
      source = "hashicorp/google-beta"
      # Same range as the google provider above.
      version = ">= 3.77, < 6"
    }

    null = {
      source = "hashicorp/null"
      # Any 3.x release.
      version = "~> 3.0"
    }

    random = {
      source = "hashicorp/random"
      # 3.1 or any later 3.x release.
      version = "~> 3.1"
    }

  }
}

--------------------------------------------------------------------------------
/5-app-infra/projects/service-catalog/ml_business_unit/shared/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Terraform CLI and provider version constraints for this configuration.
# NOTE(review): these are ranges, not pins. The provider build that actually
# runs is resolved at `terraform init`; commit the dependency lock file
# (.terraform.lock.hcl, written by Terraform 0.14 and later) so every run
# resolves the same versions and checksums.
terraform {
  # Lower bound only: any Terraform CLI from 0.13 upward is accepted.
  required_version = ">= 0.13"

  required_providers {

    google = {
      source = "hashicorp/google"
      # Accepts 3.77 up to, but not including, 6.0: three major versions.
      version = ">= 3.77, < 6"
    }

    google-beta = {
      source = "hashicorp/google-beta"
      # Same range as the google provider above.
      version = ">= 3.77, < 6"
    }

    null = {
      source = "hashicorp/null"
      # Any 3.x release.
      version = "~> 3.0"
    }

    random = {
      source = "hashicorp/random"
      # 3.1 or any later 3.x release.
      version = "~> 3.1"
    }

  }
}

--------------------------------------------------------------------------------
/examples/machine-learning-pipeline/ml_business_unit/development/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Terraform CLI and provider version constraints for this configuration.
# NOTE(review): these are ranges, not pins. The provider build that actually
# runs is resolved at `terraform init`; commit the dependency lock file
# (.terraform.lock.hcl, written by Terraform 0.14 and later) so every run
# resolves the same versions and checksums.
terraform {
  # Lower bound only: any Terraform CLI from 0.13 upward is accepted.
  required_version = ">= 0.13"

  required_providers {

    google = {
      source = "hashicorp/google"
      # Accepts 3.77 up to, but not including, 6.0: three major versions.
      version = ">= 3.77, < 6"
    }

    google-beta = {
      source = "hashicorp/google-beta"
      # Same range as the google provider above.
      version = ">= 3.77, < 6"
    }

    null = {
      source = "hashicorp/null"
      # Any 3.x release.
      version = "~> 3.0"
    }

    random = {
      source = "hashicorp/random"
      # 3.1 or any later 3.x release.
      version = "~> 3.1"
    }

  }
}

--------------------------------------------------------------------------------
/examples/machine-learning-pipeline/ml_business_unit/production/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# Terraform CLI and provider version constraints for the production
# configuration; identical to the development constraints listed above.
# NOTE(review): with ranges this wide, production and development can resolve
# different provider versions unless both commit their dependency lock file
# (.terraform.lock.hcl).
terraform {
  # Lower bound only: any Terraform CLI from 0.13 upward is accepted.
  required_version = ">= 0.13"

  required_providers {

    google = {
      source = "hashicorp/google"
      # Accepts 3.77 up to, but not including, 6.0: three major versions.
      version = ">= 3.77, < 6"
    }

    google-beta = {
      source = "hashicorp/google-beta"
      # Same range as the google provider above.
      version = ">= 3.77, < 6"
    }

    null = {
      source = "hashicorp/null"
      # Any 3.x release.
      version = "~> 3.0"
    }

    random = {
      source = "hashicorp/random"
      # 3.1 or any later 3.x release.
      version = "~> 3.1"
    }

  }
}

--------------------------------------------------------------------------------