├── .dockerignore ├── .github ├── conventional-commit-lint.yaml ├── release-please.yml ├── renovate.json ├── trusted-contribution.yml └── workflows │ ├── lint.yaml │ └── stale.yml ├── .gitignore ├── CHANGELOG.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── build ├── int.cloudbuild.yaml └── lint.cloudbuild.yaml ├── examples ├── agent_policy_detailed_example │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── agent_policy_simple_example │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── agent_policy_update_example │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── https_uptime_url_check │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ops_agent_policy_install_all │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── ops_agent_policy_install_all_in_region │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf └── ops_agent_policy_install_all_in_zone │ ├── README.md │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── kitchen.yml ├── metadata.yaml ├── modules ├── agent-policy │ ├── README.md │ ├── main.tf │ ├── metadata.yaml │ ├── scripts │ │ ├── create-update-script.sh │ │ ├── delete-script.sh │ │ └── script-utils.sh │ ├── variables.tf │ └── versions.tf ├── ops-agent-policy │ ├── README.md │ ├── main.tf │ ├── major_version_install │ │ └── policy_major_version_install.yaml │ ├── metadata.yaml │ ├── outputs.tf │ ├── pin_to_version_install │ │ └── policy_pin_to_version_install.yaml │ ├── uninstall │ │ └── policy_uninstall.yaml │ ├── variables.tf │ └── versions.tf └── simple-uptime-check │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── test ├── .gitignore ├── agent-policy-tests ├── test-integration-update.sh └── test-script-utils.bats ├── fixtures ├── agent_policy_detailed_example │ ├── main.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── agent_policy_simple_example │ ├── main.tf 
│ ├── outputs.tf │ ├── variables.tf │ └── versions.tf └── agent_policy_update_example │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ ├── variables.tf │ └── versions.tf ├── go.mod ├── go.sum ├── integration ├── agent_policy_detailed_example │ ├── controls │ │ └── gcloud.rb │ └── inspec.yml ├── agent_policy_simple_example │ ├── controls │ │ └── gcloud.rb │ └── inspec.yml ├── agent_policy_update_example │ ├── controls │ │ └── gcloud.rb │ └── inspec.yml ├── discover_test.go └── https_uptime_url_check │ └── https_uptime_url_check_test.go ├── setup ├── .gitignore ├── iam.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf └── task_helper_functions.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | .terraform 3 | .terraform.d 4 | .kitchen 5 | terraform.tfstate.d 6 | test/fixtures/*/.terraform 7 | test/fixtures/*/terraform.tfstate.d 8 | examples/.kitchen 9 | examples/*/.terraform 10 | examples/*/terraform.tfstate.d 11 | -------------------------------------------------------------------------------- /.github/conventional-commit-lint.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | enabled: true 19 | always_check_pr_title: true 20 | -------------------------------------------------------------------------------- /.github/release-please.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | releaseType: terraform-module 16 | handleGHRelease: true 17 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "extends": ["github>GoogleCloudPlatform/cloud-foundation-toolkit//infra/terraform/test-org/github/resources/renovate"] 4 | } 5 | -------------------------------------------------------------------------------- /.github/trusted-contribution.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2023-2025 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: This file is automatically generated from:
# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github

# NOTE(review): presumably read by the trusted-contribution automation: for a
# pull request opened by an account listed under `trustedContributors`, each
# entry under `annotations` is applied to the PR. Here that is a "/gcbrun"
# comment, which looks like the command that starts the Cloud Build checks
# (the repository ships build/int.cloudbuild.yaml and build/lint.cloudbuild.yaml).
# Confirm against the generator linked above.
annotations:
  - type: comment
    text: "/gcbrun"
# Every account listed here gets its PRs annotated without a maintainer typing
# the command, so this list is part of the repository's CI trust boundary.
# Keep it limited to automation identities and review any addition the same
# way as a permission change.
trustedContributors:
  - release-please[bot]
  - renovate[bot]
  # NOTE(review): no "[bot]" suffix, so this looks like a regular user account
  # rather than a GitHub App identity. Confirm it is still required.
  - renovate-bot
  - forking-renovate[bot]
  - dependabot[bot]

--------------------------------------------------------------------------------
/.github/workflows/lint.yaml:
--------------------------------------------------------------------------------
# Copyright 2023-2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
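# NOTE: This file is automatically generated from values at:
# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf
#
# NOTE(review): because the file is generated, the hardening below has to be
# applied in the generator as well, or the next regeneration will revert it.

# Lint workflow: resolves the developer-tools image named in the repository's
# Makefile and runs module-swapper and test_lint.sh inside it against the
# checked-out tree.
name: 'lint'

on:
  workflow_dispatch:
  pull_request:
    branches:
      - main

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

concurrency:
  group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
  cancel-in-progress: true

jobs:
  lint:
    name: 'lint'
    runs-on: 'ubuntu-latest'
    steps:
      # NOTE(review): `v4` is a mutable tag; the hardened form pins the action
      # to a full commit SHA. The checkout also leaves the job token in the
      # workspace's git config by default, and the workspace is mounted into
      # the container below. Consider `persist-credentials: false` if the lint
      # scripts do not need authenticated git access.
      - uses: 'actions/checkout@v4'
      - id: variables
        run: |
          # The image reference is read from the Makefile of the checked-out
          # tree, so a pull request can change which image the next steps run.
          # That is tolerable only while this job has no secrets and a
          # read-only token. Do not move it to `pull_request_target` or add
          # credentials without pinning the image.
          MAKEFILE=$(find . -name Makefile -print -quit)
          if [ -z "$MAKEFILE" ]; then
            echo "dev-tools=gcr.io/cloud-foundation-cicd/cft/developer-tools:1" >> "$GITHUB_OUTPUT"
          else
            # Quote the path so a Makefile under a directory containing
            # whitespace is still read as a single argument.
            VERSION=$(grep "DOCKER_TAG_VERSION_DEVELOPER_TOOLS := " "$MAKEFILE" | cut -d' ' -f3)
            IMAGE=$(grep "DOCKER_IMAGE_DEVELOPER_TOOLS := " "$MAKEFILE" | cut -d' ' -f3)
            REGISTRY=$(grep "REGISTRY_URL := " "$MAKEFILE" | cut -d' ' -f3)
            echo "dev-tools=${REGISTRY}/${IMAGE}:${VERSION}" >> "$GITHUB_OUTPUT"
          fi
      # The step output is passed through the environment and quoted instead
      # of being expanded into the script text, so a value containing shell
      # metacharacters is treated as one image argument, not as shell syntax.
      - run: docker run --rm -v "${GITHUB_WORKSPACE}:/workspace" "${DEV_TOOLS}" module-swapper
        env:
          DEV_TOOLS: ${{ steps.variables.outputs.dev-tools }}
      - run: docker run --rm -v "${GITHUB_WORKSPACE}:/workspace" "${DEV_TOOLS}" /usr/local/bin/test_lint.sh
        env:
          DEV_TOOLS: ${{ steps.variables.outputs.dev-tools }}

--------------------------------------------------------------------------------
/.github/workflows/stale.yml:
--------------------------------------------------------------------------------
# Copyright 2022-2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.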
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # NOTE: This file is automatically generated from: 16 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/github 17 | 18 | name: "Close stale issues" 19 | on: 20 | schedule: 21 | - cron: "0 23 * * *" 22 | 23 | jobs: 24 | stale: 25 | if: github.repository_owner == 'GoogleCloudPlatform' || github.repository_owner == 'terraform-google-modules' 26 | runs-on: ubuntu-latest 27 | steps: 28 | - uses: actions/stale@v9 29 | with: 30 | repo-token: ${{ secrets.GITHUB_TOKEN }} 31 | stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' 32 | stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. 
Remove stale label or comment or this will be closed in 7 days' 33 | exempt-issue-labels: 'triaged' 34 | exempt-pr-labels: 'dependencies,autorelease: pending' 35 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # OSX leaves these everywhere on SMB shares 2 | ._* 3 | 4 | # OSX trash 5 | .DS_Store 6 | 7 | # Python 8 | *.pyc 9 | 10 | # Emacs save files 11 | *~ 12 | \#*\# 13 | .\#* 14 | 15 | # Vim-related files 16 | [._]*.s[a-w][a-z] 17 | [._]s[a-w][a-z] 18 | *.un~ 19 | Session.vim 20 | .netrwhist 21 | 22 | ### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore 23 | 24 | # Local .terraform directories 25 | **/.terraform/* 26 | 27 | # .tfstate files 28 | *.tfstate 29 | *.tfstate.* 30 | 31 | # .terraform.lock.hcl files 32 | .terraform.lock.hcl 33 | 34 | # Crash log files 35 | crash.log 36 | 37 | # Kitchen files 38 | **/inspec.lock 39 | **/.kitchen 40 | **/kitchen.local.yml 41 | **/Gemfile.lock 42 | 43 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 44 | # .tfvars files are managed as part of configuration and so should be included in 45 | # version control. 46 | **/*.tfvars 47 | 48 | credentials.json 49 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on 6 | [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 7 | and this project adheres to 8 | [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 9 | This changelog is generated automatically based on [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). 
10 | 11 | ## [0.6.0](https://github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.5.1...v0.6.0) (2024-08-29) 12 | 13 | 14 | ### Features 15 | 16 | * **deps:** Update Terraform google to v6 ([#115](https://github.com/terraform-google-modules/terraform-google-cloud-operations/issues/115)) ([67b962c](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/67b962c8420c3a5dc9b73358ead1ff86b7688d7f)) 17 | 18 | ## [0.5.1](https://github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.5.0...v0.5.1) (2024-08-02) 19 | 20 | 21 | ### Bug Fixes 22 | 23 | * disable gradual rollout ([#112](https://github.com/terraform-google-modules/terraform-google-cloud-operations/issues/112)) ([6adc018](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/6adc01845cf2bd98ae440c15fae5fef62138a90d)) 24 | 25 | ## [0.5.0](https://github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.4.0...v0.5.0) (2024-06-24) 26 | 27 | 28 | ### Features 29 | 30 | * Implement new Ops agent policy module ([#101](https://github.com/terraform-google-modules/terraform-google-cloud-operations/issues/101)) ([a6598c3](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/a6598c363ae6d446e732c9cf4762143ce16165a3)) 31 | 32 | ## [0.4.0](https://github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.3.0...v0.4.0) (2023-11-09) 33 | 34 | 35 | ### Features 36 | 37 | * upgraded versions.tf to include minor bumps from tpg v5 ([0d5f47c](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/0d5f47c90180932170c3e8ce8d3240ecfb56dfea)) 38 | 39 | ## [0.3.0](https://github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.2.4...v0.3.0) (2023-06-21) 40 | 41 | 42 | ### Features 43 | 44 | * adding a simple uptime check sub-module 
([#67](https://github.com/terraform-google-modules/terraform-google-cloud-operations/issues/67)) ([202afef](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/202afeff2562199bf65cc0fc92d18345a7edad99)) 45 | 46 | ## [0.2.4](https://github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.2.3...v0.2.4) (2022-12-30) 47 | 48 | 49 | ### Bug Fixes 50 | 51 | * create uuid as a resource to save value between runs ([#58](https://github.com/terraform-google-modules/terraform-google-cloud-operations/issues/58)) ([2f0fed3](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/2f0fed3a9e7ddad239f9ce8f817bfa2cab75acb3)) 52 | * fixes lint issues and generates metadata ([#56](https://github.com/terraform-google-modules/terraform-google-cloud-operations/issues/56)) ([e369bfb](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/e369bfb736494815eefe059e111aeec51f1a5f2c)) 53 | 54 | 55 | ### [0.2.3](https://github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.2.2...v0.2.3) (2022-02-08) 56 | 57 | 58 | ### Bug Fixes 59 | 60 | * Use python3 explicitly and clean up python commands in script-utils.sh. 
([#36](https://github.com/terraform-google-modules/terraform-google-cloud-operations/issues/36)) ([a1dcdb4](https://github.com/terraform-google-modules/terraform-google-cloud-operations/commit/a1dcdb46b4f6c090579085c521e9820a68907cf3)) 61 | 62 | ### [0.2.2](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.2.1...v0.2.2) (2021-10-15) 63 | 64 | 65 | ### Bug Fixes 66 | 67 | * remove dependency on realpath for mac ([#23](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/23)) ([c69c4ec](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/c69c4ecb54d4cfa8757fc50456388b45802e9e40)) 68 | * Support Python 3 ([#27](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/27)) ([04094aa](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/04094aaa1502f760ecbded9f451cc0099aad8c31)) 69 | * use relative paths in gcloud scripts ([#32](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/32)) ([8f0b303](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/8f0b303840ee59aaca9b14c63b6ea272be920881)) 70 | 71 | ### [0.2.1](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.2.0...v0.2.1) (2021-03-30) 72 | 73 | 74 | ### Bug Fixes 75 | 76 | * Fixing the swapped descriptiion ([#18](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/18)) ([4ea8c76](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/4ea8c768f95bcd052cb7cbf8ef820a3339565767)) 77 | * Update documentation to support ops-agent as a new agent type ([#16](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/16)) 
([bbdce0d](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/bbdce0d6e76d1054098b8862e98eccf08db254e5)) 78 | 79 | ## [0.2.0](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.1.1...v0.2.0) (2021-02-03) 80 | 81 | 82 | ### Features 83 | 84 | * Promote alpha to beta ([#11](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/11)) ([478e152](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/478e152aaa91be105e5df227f4cab7a6461c7ec5)) 85 | 86 | ### [0.1.1](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/compare/v0.1.0...v0.1.1) (2020-10-07) 87 | 88 | 89 | ### Bug Fixes 90 | 91 | * Use full URL to fix broken links in the rendered Terraform doc. ([#9](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/9)) ([8c5dd63](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/8c5dd633289935c045687fa7d5974d29ccb8680e)) 92 | 93 | ## 0.1.0 (2020-09-11) 94 | 95 | 96 | ### Features 97 | 98 | * Initial release of agent policy module ([#2](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/issues/2)) ([1649ec8](https://www.github.com/terraform-google-modules/terraform-google-cloud-operations/commit/1649ec88d2cd9985da3d3b4f709551f5d540fb5a)) 99 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # NOTE: This file is automatically generated from values at: 2 | # https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/main/infra/terraform/test-org/org/locals.tf 3 | 4 | * @terraform-google-modules/cft-admins @imrannayer @terraform-google-modules/stackdriver-committers 5 | 6 | # NOTE: GitHub CODEOWNERS locations: 7 | # 
https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection 8 | 9 | CODEOWNERS @terraform-google-modules/cft-admins 10 | .github/CODEOWNERS @terraform-google-modules/cft-admins 11 | docs/CODEOWNERS @terraform-google-modules/cft-admins 12 | 13 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This document provides guidelines for contributing to the module. 4 | 5 | ## Dependencies 6 | 7 | The following dependencies must be installed on the development system: 8 | 9 | - [Docker Engine][docker-engine] 10 | - [Google Cloud SDK][google-cloud-sdk] 11 | - [make] 12 | 13 | ## Generating Documentation for Inputs and Outputs 14 | 15 | The Inputs and Outputs tables in the READMEs of the root module, 16 | submodules, and example modules are automatically generated based on 17 | the `variables` and `outputs` of the respective modules. These tables 18 | must be refreshed if the module interfaces are changed. 19 | 20 | ### Execution 21 | 22 | Run `make generate_docs` to generate new Inputs and Outputs tables. 23 | 24 | ## Integration Testing 25 | 26 | Integration tests are used to verify the behaviour of the root module, 27 | submodules, and example modules. Additions, changes, and fixes should 28 | be accompanied with tests. 29 | 30 | The integration tests are run using [Kitchen][kitchen], 31 | [Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These 32 | tools are packaged within a Docker image for convenience. 33 | 34 | The general strategy for these tests is to verify the behaviour of the 35 | [example modules](./examples/), thus ensuring that the root module, 36 | submodules, and example modules are all functionally correct. 
37 | 38 | ### Test Environment 39 | The easiest way to test the module is in an isolated test project. The setup for such a project is defined in the [test/setup](./test/setup/) directory. 40 | 41 | To use this setup, you need a service account with these permissions (on a Folder or Organization): 42 | - Project Creator 43 | - Project Billing Manager 44 | 45 | The project that the service account belongs to must have the following APIs enabled (the setup won't 46 | create any resources on the service account's project): 47 | - Cloud Resource Manager 48 | - Cloud Billing 49 | - Service Usage 50 | - Identity and Access Management (IAM) 51 | 52 | Export the Service Account credentials to your environment like so (`credentials.json` is listed in the repository's `.gitignore` and should stay out of version control): 53 | 54 | ``` 55 | export SERVICE_ACCOUNT_JSON=$(< credentials.json) 56 | ``` 57 | 58 | You will also need to set a few environment variables: 59 | ``` 60 | export TF_VAR_org_id="your_org_id" 61 | export TF_VAR_folder_id="your_folder_id" 62 | export TF_VAR_billing_account="your_billing_account_id" 63 | ``` 64 | 65 | With these settings in place, you can prepare a test project using Docker: 66 | ``` 67 | make docker_test_prepare 68 | ``` 69 | 70 | ### Noninteractive Execution 71 | 72 | Run `make docker_test_integration` to test all of the example modules 73 | noninteractively, using the prepared test project. 74 | 75 | ### Interactive Execution 76 | 77 | 1. Run `make docker_run` to start the testing Docker container in 78 | interactive mode. 79 | 80 | 1. Run `kitchen_do create <EXAMPLE_NAME>` to initialize the working 81 | directory for an example module. 82 | 83 | 1. Run `kitchen_do converge <EXAMPLE_NAME>` to apply the example module. 84 | 85 | 1. Run `kitchen_do verify <EXAMPLE_NAME>` to test the example module. 86 | 87 | 1. Run `kitchen_do destroy <EXAMPLE_NAME>` to destroy the example module 88 | state. 89 | 90 | ## Linting and Formatting 91 | 92 | Many of the files in the repository can be linted or formatted to 93 | maintain a standard of quality. 94 | 95 | ### Execution 96 | 97 | Run `make docker_test_lint`. 
98 | 99 | [docker-engine]: https://www.docker.com/products/docker-engine 100 | [flake8]: http://flake8.pycqa.org/en/latest/ 101 | [gofmt]: https://golang.org/cmd/gofmt/ 102 | [google-cloud-sdk]: https://cloud.google.com/sdk/install 103 | [hadolint]: https://github.com/hadolint/hadolint 104 | [inspec]: https://inspec.io/ 105 | [kitchen-terraform]: https://github.com/newcontext-oss/kitchen-terraform 106 | [kitchen]: https://kitchen.ci/ 107 | [make]: https://en.wikipedia.org/wiki/Make_(software) 108 | [shellcheck]: https://www.shellcheck.net/ 109 | [terraform-docs]: https://github.com/segmentio/terraform-docs 110 | [terraform]: https://terraform.io/ 111 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 
26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. 
For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. 
If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. 
You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. 
(Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Please note that this file was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). 
16 | # Please make sure to contribute relevant changes upstream! 17 | 18 | # Make will use bash instead of sh 19 | SHELL := /usr/bin/env bash 20 | 21 | DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22 22 | DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools 23 | REGISTRY_URL := gcr.io/cloud-foundation-cicd 24 | 25 | # Enter docker container for local development (forwards SERVICE_ACCOUNT_JSON from the caller's environment and bind-mounts the working directory at /workspace) 26 | .PHONY: docker_run 27 | docker_run: 28 | docker run --rm -it \ 29 | -e SERVICE_ACCOUNT_JSON \ 30 | -v "$(CURDIR)":/workspace \ 31 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 32 | /bin/bash 33 | 34 | # Execute prepare tests within the docker container 35 | .PHONY: docker_test_prepare 36 | docker_test_prepare: 37 | docker run --rm -it \ 38 | -e SERVICE_ACCOUNT_JSON \ 39 | -e TF_VAR_org_id \ 40 | -e TF_VAR_folder_id \ 41 | -e TF_VAR_billing_account \ 42 | -v "$(CURDIR)":/workspace \ 43 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 44 | /usr/local/bin/execute_with_credentials.sh prepare_environment 45 | 46 | # Clean up test environment within the docker container 47 | .PHONY: docker_test_cleanup 48 | docker_test_cleanup: 49 | docker run --rm -it \ 50 | -e SERVICE_ACCOUNT_JSON \ 51 | -e TF_VAR_org_id \ 52 | -e TF_VAR_folder_id \ 53 | -e TF_VAR_billing_account \ 54 | -v "$(CURDIR)":/workspace \ 55 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 56 | /usr/local/bin/execute_with_credentials.sh cleanup_environment 57 | 58 | # Execute integration tests within the docker container 59 | .PHONY: docker_test_integration 60 | docker_test_integration: 61 | docker run --rm -it \ 62 | -e SERVICE_ACCOUNT_JSON \ 63 | -v "$(CURDIR)":/workspace \ 64 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 65 | /usr/local/bin/test_integration.sh 66 | 67 | # Execute lint tests within the docker container 68 | .PHONY: docker_test_lint 69 | docker_test_lint: 70 | docker
run --rm -it \ 71 | -e EXCLUDE_LINT_DIRS \ 72 | -v "$(CURDIR)":/workspace \ 73 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 74 | /usr/local/bin/test_lint.sh 75 | 76 | # Execute bats tests within the docker container 77 | .PHONY: docker_test_bats 78 | docker_test_bats: 79 | docker run --rm -it \ 80 | -v $(CURDIR):/workspace \ 81 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 82 | /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && test_bats' 83 | 84 | # Execute update integration tests within the docker container 85 | .PHONY: docker_test_integration_update 86 | docker_test_integration_update: 87 | docker run --rm -it \ 88 | -e SERVICE_ACCOUNT_JSON \ 89 | -v "$(CURDIR)":/workspace \ 90 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 91 | /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && test_integration_update' 92 | 93 | # Generate documentation 94 | .PHONY: docker_generate_docs 95 | docker_generate_docs: 96 | docker run --rm -it \ 97 | -v "$(CURDIR)":/workspace \ 98 | $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 99 | /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' 100 | 101 | # Alias for backwards compatibility 102 | .PHONY: generate_docs 103 | generate_docs: docker_generate_docs 104 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # terraform-google-cloud-operations 2 | 3 | This module is a collection of submodules related to Google Cloud Operations (Logging and Monitoring): 4 | 5 | - [Agent Policy (Beta)](https://github.com/terraform-google-modules/terraform-google-cloud-operations/blob/master/modules/agent-policy/README.md) 6 | - This module is only compatible with Linux and OS X. It cannot be run on Windows. 
7 | - [Ops Agent Policy (GA)](https://github.com/terraform-google-modules/terraform-google-cloud-operations/blob/master/modules/ops-agent-policy/README.md) 8 | - [Simple Uptime Check](https://github.com/terraform-google-modules/terraform-google-cloud-operations/blob/master/modules/simple-uptime-check/README.md) 9 | 10 | ## Usage 11 | 12 | Each submodule's usage is documented in the [modules](https://github.com/terraform-google-modules/terraform-google-cloud-operations/blob/master/modules) folder. Functional examples are included in the [examples](https://github.com/terraform-google-modules/terraform-google-cloud-operations/blob/master/examples/) directory. 13 | 14 | ## Contributing 15 | 16 | Refer to the [contribution guidelines](https://github.com/terraform-google-modules/terraform-google-cloud-operations/blob/master/CONTRIBUTING.md) for 17 | information on contributing to this module. 18 | -------------------------------------------------------------------------------- /build/int.cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | timeout: 3600s 16 | steps: 17 | - id: swap-module-refs 18 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 19 | args: ['module-swapper'] 20 | - name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 21 | id: 'bats' 22 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && test_bats'] 23 | - id: prepare 24 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 25 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment && sleep 120'] 26 | env: 27 | - 'TF_VAR_org_id=$_ORG_ID' 28 | - 'TF_VAR_folder_id=$_FOLDER_ID' 29 | - 'TF_VAR_billing_account=$_BILLING_ACCOUNT' 30 | - id: create 31 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 32 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create'] 33 | - id: converge 34 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 35 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge'] 36 | - id: verify 37 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 38 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify'] 39 | - id: update 40 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 41 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && test_integration_update'] 42 | - id: destroy 43 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 44 | args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy'] 45 | - id: create-uptime 46 | 
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 47 | args: ['/bin/bash', '-c', 'cft test run TestUptimeCheckModule --stage init --verbose'] 48 | - id: apply-uptime 49 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 50 | args: ['/bin/bash', '-c', 'cft test run TestUptimeCheckModule --stage apply --verbose'] 51 | - id: verify-uptime 52 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 53 | args: ['/bin/bash', '-c', 'cft test run TestUptimeCheckModule --stage verify --verbose'] 54 | - id: destroy-uptime 55 | name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 56 | args: ['/bin/bash', '-c', 'cft test run TestUptimeCheckModule --stage destroy --verbose'] 57 | tags: 58 | - 'ci' 59 | - 'integration' 60 | - 'bats' 61 | substitutions: 62 | _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' 63 | _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22' 64 | -------------------------------------------------------------------------------- /build/lint.cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | steps: 16 | - name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' 17 | id: 'lint' 18 | args: ['/usr/local/bin/test_lint.sh'] 19 | tags: 20 | - 'ci' 21 | - 'lint' 22 | substitutions: 23 | _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' 24 | _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22' 25 | -------------------------------------------------------------------------------- /examples/agent_policy_detailed_example/README.md: -------------------------------------------------------------------------------- 1 | # Detailed Example 2 | 3 | This example illustrates how to use the `agent-policy` module. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 11 | 12 | ## Outputs 13 | 14 | No outputs. 15 | 16 | 17 | 18 | To provision this example, run the following from within this directory: 19 | - `terraform init` to get the plugins 20 | - `terraform plan` to see the infrastructure plan 21 | - `terraform apply` to apply the infrastructure build 22 | - `terraform destroy` to destroy the built infrastructure 23 | -------------------------------------------------------------------------------- /examples/agent_policy_detailed_example/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "agent_policy_detailed" { 18 | source = "terraform-google-modules/cloud-operations/google//modules/agent-policy" 19 | version = "~> 0.6" 20 | 21 | project_id = var.project_id 22 | policy_id = "ops-agents-test-policy-detailed" 23 | description = "an example policy description" 24 | agent_rules = [ 25 | { 26 | type = "logging" 27 | version = "current-major" 28 | package_state = "installed" 29 | enable_autoupgrade = true 30 | }, 31 | { 32 | type = "metrics" 33 | version = "current-major" 34 | package_state = "installed" 35 | enable_autoupgrade = true 36 | }, 37 | ] 38 | group_labels = [ 39 | { 40 | env = "prod" 41 | product = "myapp" 42 | }, 43 | { 44 | env = "staging" 45 | product = "myapp" 46 | } 47 | ] 48 | os_types = [ 49 | { 50 | short_name = "debian" 51 | version = "10" 52 | }, 53 | ] 54 | zones = [ 55 | "us-central1-c", 56 | "asia-northeast2-b", 57 | "europe-north1-b", 58 | ] 59 | instances = ["zones/us-central1-a/instances/test-instance"] 60 | } 61 | -------------------------------------------------------------------------------- /examples/agent_policy_detailed_example/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /examples/agent_policy_detailed_example/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = "~> 4.0" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /examples/agent_policy_simple_example/README.md: -------------------------------------------------------------------------------- 1 | # Simple Example 2 | 3 | This example illustrates how to use the `agent-policy` module. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 11 | 12 | ## Outputs 13 | 14 | No outputs. 
15 | 16 | 17 | 18 | To provision this example, run the following from within this directory: 19 | - `terraform init` to get the plugins 20 | - `terraform plan` to see the infrastructure plan 21 | - `terraform apply` to apply the infrastructure build 22 | - `terraform destroy` to destroy the built infrastructure 23 | -------------------------------------------------------------------------------- /examples/agent_policy_simple_example/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "agent_policy_simple" { 18 | source = "terraform-google-modules/cloud-operations/google//modules/agent-policy" 19 | version = "~> 0.6" 20 | 21 | project_id = var.project_id 22 | policy_id = "ops-agents-test-policy-simple" 23 | agent_rules = [ 24 | { 25 | type = "logging" 26 | version = "current-major" 27 | package_state = "installed" 28 | enable_autoupgrade = true 29 | }, 30 | { 31 | type = "metrics" 32 | version = "current-major" 33 | package_state = "installed" 34 | enable_autoupgrade = true 35 | }, 36 | ] 37 | group_labels = [ 38 | { 39 | env = "prod" 40 | app = "myproduct" 41 | } 42 | ] 43 | os_types = [ 44 | { 45 | short_name = "centos" 46 | version = "8" 47 | }, 48 | ] 49 | } 50 | -------------------------------------------------------------------------------- /examples/agent_policy_simple_example/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 
19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /examples/agent_policy_simple_example/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = "~> 4.0" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /examples/agent_policy_update_example/README.md: -------------------------------------------------------------------------------- 1 | # Update Example 2 | 3 | This example is specifically for testing update functionality. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | agent\_rules | A list of agent rules to be enforced by the policy. | `list(any)` | n/a | yes | 11 | | description | The description of the policy. | `string` | `null` | no | 12 | | group\_labels | A list of label maps to filter instances to apply policies on. | `list(map(string))` | `null` | no | 13 | | instances | A list of zones to filter instances to apply the policy. 
| `list(string)` | `null` | no | 14 | | os\_types | A list of label maps to filter instances to apply policies on. | `list(any)` | n/a | yes | 15 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 16 | | zones | A list of zones to filter instances to apply the policy. | `list(string)` | `null` | no | 17 | 18 | ## Outputs 19 | 20 | No outputs. 21 | 22 | 23 | 24 | To provision this example, run the following from within this directory: 25 | - `terraform init` to get the plugins 26 | - `terraform plan` to see the infrastructure plan 27 | - `terraform apply` to apply the infrastructure build 28 | - `terraform destroy` to destroy the built infrastructure 29 | -------------------------------------------------------------------------------- /examples/agent_policy_update_example/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "agent_policy_update" { 18 | source = "terraform-google-modules/cloud-operations/google//modules/agent-policy" 19 | version = "~> 0.6" 20 | 21 | project_id = var.project_id 22 | policy_id = "ops-agents-test-policy-update" 23 | description = var.description 24 | agent_rules = var.agent_rules 25 | group_labels = var.group_labels 26 | os_types = var.os_types 27 | zones = var.zones 28 | instances = var.instances 29 | } 30 | -------------------------------------------------------------------------------- /examples/agent_policy_update_example/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 19 | type = string 20 | } 21 | 22 | variable "description" { 23 | description = "The description of the policy." 24 | type = string 25 | default = null 26 | } 27 | 28 | variable "agent_rules" { 29 | description = "A list of agent rules to be enforced by the policy." 30 | type = list(any) 31 | } 32 | 33 | variable "group_labels" { 34 | description = "A list of label maps to filter instances to apply policies on." 
35 | type = list(map(string)) 36 | default = null 37 | } 38 | 39 | variable "os_types" { 40 | description = "A list of label maps to filter instances to apply policies on." 41 | type = list(any) 42 | } 43 | 44 | variable "zones" { 45 | description = "A list of zones to filter instances to apply the policy." 46 | type = list(string) 47 | default = null 48 | } 49 | 50 | variable "instances" { 51 | description = "A list of zones to filter instances to apply the policy." 52 | type = list(string) 53 | default = null 54 | } 55 | -------------------------------------------------------------------------------- /examples/agent_policy_update_example/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2018 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = "~> 4.0" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /examples/https_uptime_url_check/README.md: -------------------------------------------------------------------------------- 1 | # HTTPS Uptime URL Check Example 2 | 3 | This example illustrates how to use the `simple-uptime-check` module for a simple HTTPS Uptime URL check. 
4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | email | Email address to alert if uptime check fails. | `string` | `"example-email@gmail.com"` | no | 11 | | hostname | The base hostname for the uptime check. | `string` | `"example-hostname.com"` | no | 12 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 13 | | uptime\_check\_display\_name | The ID of the project in which to provision resources. | `string` | `"example-uptime-check-name"` | no | 14 | 15 | ## Outputs 16 | 17 | | Name | Description | 18 | |------|-------------| 19 | | alert\_policy\_id | The id of the alert policy. | 20 | | notification\_channel\_ids | The ids of the notification channels | 21 | | uptime\_check\_id | The id of the uptime check. | 22 | 23 | 24 | 25 | To provision this example, run the following from within this directory: 26 | - `terraform init` to get the plugins 27 | - `terraform plan` to see the infrastructure plan 28 | - `terraform apply` to apply the infrastructure build 29 | - `terraform destroy` to destroy the built infrastructure 30 | -------------------------------------------------------------------------------- /examples/https_uptime_url_check/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "uptime-check" { 18 | source = "terraform-google-modules/cloud-operations/google//modules/simple-uptime-check" 19 | version = "~> 0.6" 20 | 21 | project_id = var.project_id 22 | uptime_check_display_name = var.uptime_check_display_name 23 | protocol = "HTTPS" 24 | monitored_resource = { 25 | monitored_resource_type = "uptime_url" 26 | labels = { 27 | "project_id" = var.project_id 28 | "host" = var.hostname 29 | } 30 | } 31 | 32 | notification_channels = [ 33 | { 34 | display_name = "Email Notification Channel" 35 | type = "email" 36 | labels = { email_address = var.email } 37 | }, 38 | # { 39 | # display_name = "SMS Notification Channel" 40 | # type = "sms" 41 | # labels = { number = var.sms } 42 | # } 43 | ] 44 | } 45 | -------------------------------------------------------------------------------- /examples/https_uptime_url_check/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | output "uptime_check_id" { 17 | description = "The id of the uptime check." 18 | value = module.uptime-check.uptime_check_id 19 | } 20 | 21 | output "alert_policy_id" { 22 | description = "The id of the alert policy." 
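23 | value = module.uptime-check.alert_policy_id 24 | } 25 | 26 | output "notification_channel_ids" { 27 | description = "The ids of the notification channels" 28 | value = module.uptime-check.notification_channel_ids 29 | } 30 | -------------------------------------------------------------------------------- /examples/https_uptime_url_check/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 19 | type = string 20 | } 21 | 22 | variable "uptime_check_display_name" { 23 | description = "The display name for the uptime check." 24 | type = string 25 | default = "example-uptime-check-name" 26 | } 27 | 28 | variable "hostname" { 29 | description = "The base hostname for the uptime check." 30 | type = string 31 | default = "example-hostname.com" 32 | } 33 | /* NOTE(review): var.email becomes the email_address label of the notification channel in main.tf. The default is a placeholder at a public mail domain, so override it; otherwise alert notifications are sent to an address you do not control. */ 34 | variable "email" { 35 | description = "Email address to alert if uptime check fails." 
36 | type = string 37 | default = "example-email@gmail.com" 38 | } 39 | 40 | # Uncomment if you'd like to add an SMS notification channel 41 | # variable "sms" { 42 | # description = "Phone number (including country code) to alert if uptime check fails." 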
43 | # type = string 44 | # default = "example-number" 45 | # } 46 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all/README.md: -------------------------------------------------------------------------------- 1 | # Ops Agent Policy Example 2 | 3 | This example illustrates how to use the `ops-agent-policy` module to install the ops agent on all VMs within a GCP project. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 11 | 12 | ## Outputs 13 | 14 | No outputs. 15 | 16 | 17 | 18 | To provision this example, run the following from within this directory: 19 | - `terraform init` to get the plugins 20 | - `terraform plan` to see the infrastructure plan 21 | - `terraform apply` to apply the infrastructure build 22 | - `terraform destroy` to destroy the built infrastructure 23 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | provider "google" { 18 | project = var.project_id 19 | } 20 | 21 | data "google_compute_regions" "available" { 22 | } 23 | 24 | data "google_compute_zones" "available" { 25 | for_each = toset(data.google_compute_regions.available.names) 26 | region = each.value 27 | } 28 | 29 | module "ops_agent_policy" { 30 | for_each = toset(flatten([for zones in values(data.google_compute_zones.available) : zones.names])) 31 | source = "../../modules/ops-agent-policy" 32 | assignment_id = "ops-agent-policy-all-in-${each.key}" 33 | zone = each.key 34 | instance_filter = { all = true } 35 | } 36 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 
19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = "~> 4.0" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_region/README.md: -------------------------------------------------------------------------------- 1 | # Ops Agent Policy Example 2 | 3 | This example illustrates how to use the `ops-agent-policy` module to install the ops agent on all VMs in a region. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 11 | | region | The region in which to enforce the agent to be installed/uninstalled. | `string` | n/a | yes | 12 | 13 | ## Outputs 14 | 15 | No outputs. 
16 | 17 | 18 | 19 | To provision this example, run the following from within this directory: 20 | - `terraform init` to get the plugins 21 | - `terraform plan` to see the infrastructure plan 22 | - `terraform apply` to apply the infrastructure build 23 | - `terraform destroy` to destroy the built infrastructure 24 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_region/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | provider "google" { 18 | project = var.project_id 19 | } 20 | 21 | data "google_compute_zones" "available" { 22 | region = var.region 23 | } 24 | 25 | module "ops_agent_policy" { 26 | for_each = toset(data.google_compute_zones.available.names) 27 | source = "../../modules/ops-agent-policy" 28 | assignment_id = "ops-agent-policy-all-in-${each.key}" 29 | zone = each.key 30 | instance_filter = { all = true } 31 | } 32 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_region/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 19 | type = string 20 | } 21 | variable "region" { 22 | description = "The region in which to enforce the agent to be installed/uninstalled." 
23 | type = string 24 | } 25 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_region/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = "~> 4.0" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_zone/README.md: -------------------------------------------------------------------------------- 1 | # Ops Agent Policy Example 2 | 3 | This example illustrates how to use the `ops-agent-policy` module to install the ops agent on all VMs in a zone. 4 | 5 | 6 | ## Inputs 7 | 8 | | Name | Description | Type | Default | Required | 9 | |------|-------------|------|---------|:--------:| 10 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 11 | | zone | The zone in which to install the ops agent. | `string` | n/a | yes | 12 | 13 | ## Outputs 14 | 15 | No outputs. 
16 | 17 | 18 | 19 | To provision this example, run the following from within this directory: 20 | - `terraform init` to get the plugins 21 | - `terraform plan` to see the infrastructure plan 22 | - `terraform apply` to apply the infrastructure build 23 | - `terraform destroy` to destroy the built infrastructure 24 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_zone/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | provider "google" { 18 | project = var.project_id 19 | } 20 | 21 | module "ops_agent_policy" { 22 | source = "../../modules/ops-agent-policy" 23 | assignment_id = "ops-agent-policy-all-in-${var.zone}" 24 | zone = var.zone 25 | instance_filter = { all = true } 26 | } 27 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_zone/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 19 | type = string 20 | } 21 | 22 | variable "zone" { 23 | description = "The zone in which to install the ops agent." 24 | type = string 25 | } 26 | -------------------------------------------------------------------------------- /examples/ops_agent_policy_install_all_in_zone/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = "~> 4.0" 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /kitchen.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2018 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- 16 | driver: 17 | name: terraform 18 | 19 | provisioner: 20 | name: terraform 21 | 22 | verifier: 23 | name: terraform 24 | 25 | platforms: 26 | - name: default 27 | 28 | suites: 29 | - name: agent_policy_simple_example 30 | driver: 31 | root_module_directory: test/fixtures/agent_policy_simple_example/ 32 | verify_version: false 33 | verifier: 34 | color: false 35 | systems: 36 | - name: agent_policy_simple_example local 37 | backend: local 38 | controls: 39 | - gcloud 40 | - name: agent_policy_detailed_example 41 | driver: 42 | root_module_directory: test/fixtures/agent_policy_detailed_example/ 43 | verify_version: false 44 | verifier: 45 | color: false 46 | systems: 47 | - name: agent_policy_detailed_example local 48 | backend: local 49 | controls: 50 | - gcloud 51 | - name: agent_policy_update_example 52 | driver: 53 | root_module_directory: test/fixtures/agent_policy_update_example/ 54 | verify_version: false 55 | verifier: 56 | color: false 57 | systems: 58 | - name: 
agent_policy_update_example local 59 | backend: local 60 | controls: 61 | - gcloud 62 | -------------------------------------------------------------------------------- /metadata.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-cloud-operations 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | title: terraform-google-cloud-operations 23 | source: 24 | repo: https://github.com/terraform-google-modules/terraform-google-cloud-operations.git 25 | sourceType: git 26 | subBlueprints: 27 | - name: agent-policy 28 | location: modules/agent-policy 29 | examples: 30 | - name: agent_policy_detailed_example 31 | location: examples/agent_policy_detailed_example 32 | - name: agent_policy_simple_example 33 | location: examples/agent_policy_simple_example 34 | - name: agent_policy_update_example 35 | location: examples/agent_policy_update_example 36 | roles: 37 | - level: Project 38 | roles: 39 | - roles/owner # NOTE(review): roles/owner is a project-wide basic role, far broader than the three roles listed after it; modules/agent-policy/README.md names only those three for the provisioning service account. 
Confirm whether owner is required, and prefer the narrower roles. 40 | - roles/osconfig.guestPolicyAdmin 41 | - roles/monitoring.metricWriter 42 | - roles/logging.logWriter 43 | services: 44 | - cloudresourcemanager.googleapis.com 45 | - serviceusage.googleapis.com 46 | - logging.googleapis.com 47 | - monitoring.googleapis.com 48 
| - osconfig.googleapis.com 49 | -------------------------------------------------------------------------------- /modules/agent-policy/README.md: -------------------------------------------------------------------------------- 1 | # Agent Policy 2 | 3 | This module is used to install and manage metrics and logging agents in GCE. 4 | 5 | ## Usage 6 | 7 | Basic usage of this module is as follows: 8 | 9 | Sample module to install [Ops Agent](https://cloud.google.com/stackdriver/docs/solutions/ops-agent) on all CentOS 8 VMs with two labels "env=prod" and "app=myproduct". 10 | ```hcl 11 | module "agent_policy" { 12 | source = "terraform-google-modules/cloud-operations/google//modules/agent-policy" 13 | version = "~> 0.2.3" 14 | 15 | project_id = "" 16 | policy_id = "ops-agents-example-policy" 17 | agent_rules = [ 18 | { 19 | type = "ops-agent" 20 | version = "current-major" 21 | package_state = "installed" 22 | enable_autoupgrade = true 23 | }, 24 | ] 25 | group_labels = [ 26 | { 27 | env = "prod" 28 | app = "myproduct" 29 | } 30 | ] 31 | os_types = [ 32 | { 33 | short_name = "centos" 34 | version = "8" 35 | }, 36 | ] 37 | } 38 | ``` 39 | 40 | Sample module to install [Logging Agent](https://cloud.google.com/logging/docs/agent) and [Metrics Agent](https://cloud.google.com/monitoring/agent) on all CentOS 8 VMs with two labels "env=prod" and "app=myproduct". 
41 | ```hcl 42 | module "agent_policy" { 43 | source = "terraform-google-modules/cloud-operations/google//modules/agent-policy" 44 | version = "~> 0.2.3" 45 | 46 | project_id = "" 47 | policy_id = "ops-agents-example-policy" 48 | agent_rules = [ 49 | { 50 | type = "logging" 51 | version = "current-major" 52 | package_state = "installed" 53 | enable_autoupgrade = true 54 | }, 55 | { 56 | type = "metrics" 57 | version = "current-major" 58 | package_state = "installed" 59 | enable_autoupgrade = true 60 | }, 61 | ] 62 | group_labels = [ 63 | { 64 | env = "prod" 65 | app = "myproduct" 66 | } 67 | ] 68 | os_types = [ 69 | { 70 | short_name = "centos" 71 | version = "8" 72 | }, 73 | ] 74 | } 75 | ``` 76 | 77 | Functional examples are included in the [examples](./../../examples) directory. 78 | 79 | 80 | ## Inputs 81 | 82 | | Name | Description | Type | Default | Required | 83 | |------|-------------|------|---------|:--------:| 84 | | agent\_rules | A list of agent rules to be enforced by the policy. | `list(any)` | n/a | yes | 85 | | description | The description of the policy. | `string` | `null` | no | 86 | | group\_labels | A list of label maps to filter instances to apply policies on. | `list(map(string))` | `null` | no | 87 | | instances | A list of instances to filter instances to apply the policy. | `list(string)` | `null` | no | 88 | | os\_types | A list of OS types to filter instances to apply the policy. | `list(any)` | n/a | yes | 89 | | policy\_id | The ID of the policy. | `string` | n/a | yes | 90 | | project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes | 91 | | zones | A list of zones to filter instances to apply the policy. | `list(string)` | `null` | no | 92 | 93 | ## Outputs 94 | 95 | No outputs. 96 | 97 | 98 | 99 | Note that additional validations may be enforced by the API. 
100 | 101 | ### agent_rules variable 102 | 103 | Each agent rule in the list of agent rules contains the following fields: 104 | 105 | | Name | Description | Type | Default | Required | 106 | |------|-------------|:----:|:-----:|:-----:| 107 | | type | Type of agent to manage. Allowed values: `"logging"`, `"metrics"`, `"ops-agent"`. | string | n/a | yes | 108 | | version | Version of the agent to install. Allowed values and formats: `"current-major"`, `"latest"`, `"MAJOR_VERSION.*.*"`, `"MAJOR_VERSION.MINOR_VERSION.PATCH_VERSION"`, `"5.5.2-BUILD_NUMBER"`. `"5.5.2-BUILD_NUMBER"` is only allowed if `type="metrics"`. | string | `"current-major"` | no | 109 | | package\_state | Desired package state of the agent. Allowed values: `"installed"`, `"removed"`. | object | `"installed"` | no | 110 | | enable\_autoupgrade | Whether to enable autoupgrade of the agent. Allowed values: `true`, `false`. | list(string) | `true` | no | 111 | 112 | ### group_labels variable 113 | 114 | Group labels are represented as a list of label maps to filter instances that the policy applies to. Each entry in a label map is related by `AND` and each label map is related by `OR`. More details can be found in the [ops-agents policy docs][ops-agents-policy-docs]. 115 | 116 | ### instances variable 117 | 118 | Each item in the list must be in the format of `zones/ZONE_NAME/instances/INSTANCE_NAME`. To list all existing instances, run `gcloud compute instances list`. If this variable isn't provided, the variable will be set to its default value: `null`. 119 | 120 | ### os_types variable 121 | 122 | For now, exactly one OS type needs to be specified. Each OS type contains the following fields: 123 | 124 | | Name | Description | Type | Default | Required | 125 | |------|-------------|:----:|:-----:|:-----:| 126 | | short_name | Short name of the OS. Allowed values: `"centos"`, `"debian"`, `"rhel"`, `"sles"`, `"sles_sap"`, `"ubuntu"`. | string | n/a | yes | 127 | | version | Version of the OS. 
| string | n/a | yes | 128 | 129 | To inspect the exact OS short name and version of an instance, run `gcloud beta compute instances os-inventory describe INSTANCE_NAME`. 130 | 131 | ### policy_id variable 132 | 133 | This ID must start with `ops-agents-`, contain only lowercase letters, numbers, and hyphens, end with a number or a letter, be between 1-63 characters, and be unique within the project. 134 | 135 | ## Requirements 136 | 137 | These sections describe requirements for using this module. 138 | 139 | ### Software 140 | 141 | The following dependencies must be available: 142 | 143 | - [Terraform][terraform] v0.12 144 | - [Terraform Provider for GCP][terraform-provider-gcp] plugin v2.0 145 | - [Google Cloud SDK][google-cloud-sdk] 146 | - [curl][curl] 147 | 148 | ### Service Account 149 | 150 | A service account with the following roles must be used to provision 151 | the resources of this module: 152 | 153 | - Logging Logs Writer: `roles/logging.logWriter` 154 | - Monitoring Metric Writer: `roles/monitoring.metricWriter` 155 | - OS Config GuestPolicy Admin: `roles/osconfig.guestPolicyAdmin` 156 | 157 | The [Project Factory module][project-factory-module] and the 158 | [IAM module][iam-module] may be used in combination to provision a 159 | service account with the necessary roles applied. 160 | 161 | ### APIs 162 | 163 | A project with the following APIs enabled must be used to host the 164 | resources of this module: 165 | 166 | * Google Cloud Logging API: `logging.googleapis.com` 167 | * Google Cloud Monitoring API: `monitoring.googleapis.com` 168 | * Google Cloud OS Config API: `osconfig.googleapis.com` 169 | * [OS Config Metadata][os-config-metadata] 170 | 171 | The [Project Factory module][project-factory-module] can be used to 172 | provision a project with the necessary APIs enabled. 
173 | 174 | ## Testing 175 | 176 | ### Integration Testing 177 | 178 | Instructions for how to run integration tests can be found in [CONTRIBUTING.md](./../../CONTRIBUTING.md#integration-testing). 179 | To run integration tests that test update functionality, set up your environment according to [these instructions](./../../CONTRIBUTING.md#test-environment). Next, in the root directory of the repo, run: 180 | ``` 181 | make docker_test_integration_update 182 | ``` 183 | 184 | ### Unit Testing 185 | 186 | To run unit tests, set up your environment according to [these instructions](./../../CONTRIBUTING.md#test-environment). Next, in the root directory of the repo, run: 187 | ``` 188 | make docker_test_bats 189 | ``` 190 | 191 | 192 | ## Contributing 193 | 194 | Refer to the [contribution guidelines](./../../CONTRIBUTING.md) for 195 | information on contributing to this module. 196 | 197 | [iam-module]: https://registry.terraform.io/modules/terraform-google-modules/iam/google 198 | [project-factory-module]: https://registry.terraform.io/modules/terraform-google-modules/project-factory/google 199 | [terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html 200 | [terraform]: https://www.terraform.io/downloads.html 201 | [curl]: https://curl.haxx.se 202 | [google-cloud-sdk]: https://cloud.google.com/sdk/install 203 | [os-config-metadata]: https://cloud.google.com/compute/docs/manage-os#enable-metadata 204 | [ops-agents-policy-docs]: https://cloud.google.com/sdk/gcloud/reference/beta/compute/instances/ops-agents/policies/create 205 | -------------------------------------------------------------------------------- /modules/agent-policy/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | /* Create/update path: hands scripts/create-update-script.sh and the argument string below to the terraform-google-modules/gcloud module. The last five arguments are base64-encoded JSON, which the script decodes. NOTE(review): var.project_id is interpolated into create_cmd_body as-is, and jsonencode() on policy_id and description adds JSON quotes, not shell escaping. If the gcloud module runs this body through a shell (presumably, given the backslash continuations; confirm), shell metacharacters in those three values are interpreted, and the script itself eval's the commands it builds from its arguments. Validate these inputs (for example with variable validation blocks) or accept them only from trusted callers. */ 17 | module "gcloud-upsert" { 18 | source = "terraform-google-modules/gcloud/google" 19 | version = "~> 3.0" 20 | /* NOTE(review): gcloud_sdk_version below is a fixed pin (same value in gcloud-destroy); reproducible, but it has to be bumped by hand to pick up SDK fixes. */ 21 | platform = "linux" 22 | additional_components = ["beta"] 23 | gcloud_sdk_version = "325.0.0" 24 | create_cmd_entrypoint = "${path.module}/scripts/create-update-script.sh" 25 | create_cmd_body = <<-EOT 26 | ${var.project_id} ${jsonencode(var.policy_id)} \ 27 | ${jsonencode(var.description == null ? "" : var.description)} \ 28 | ${base64encode(jsonencode(var.agent_rules))} \ 29 | ${base64encode(jsonencode(var.group_labels == null ? 
[] : var.group_labels))} \ 30 | ${base64encode(jsonencode(var.os_types))} \ 31 | ${base64encode(jsonencode(var.zones == null ? [] : var.zones))} \ 32 | ${base64encode(jsonencode(var.instances == null ? 
[] : var.instances))} 33 | EOT 34 | create_cmd_triggers = { uuid = random_uuid.uuid.result } /* value comes from random_uuid.uuid at the end of this file */ 35 | } 36 | /* Destroy path: scripts/delete-script.sh receives the project id and the policy id. NOTE(review): same unquoted var.project_id and JSON-quoted policy_id as in gcloud-upsert. */ 37 | module "gcloud-destroy" { 38 | source = "terraform-google-modules/gcloud/google" 39 | version = "~> 3.0" 40 | 41 | platform = "linux" 42 | gcloud_sdk_version = "325.0.0" 43 | additional_components = ["beta"] 44 | 45 | destroy_cmd_entrypoint = "${path.module}/scripts/delete-script.sh" 46 | destroy_cmd_body = "${var.project_id} ${jsonencode(var.policy_id)}" 47 | } 48 | /* Supplies the uuid used in gcloud-upsert's create_cmd_triggers. */ 49 | resource "random_uuid" "uuid" { 50 | } 51 | -------------------------------------------------------------------------------- /modules/agent-policy/metadata.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-cloud-operations 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | title: Agent Policy 23 | source: 24 | repo: https://github.com/terraform-google-modules/terraform-google-cloud-operations.git 25 | sourceType: git 26 | actuationTool: 27 | type: Terraform 28 | version: '>= 0.13' 29 | examples: 30 | - name: agent_policy_detailed_example 31 | location: examples/agent_policy_detailed_example 32 | - name: agent_policy_simple_example 33 | location: examples/agent_policy_simple_example 34 | - name: agent_policy_update_example 35 | location: examples/agent_policy_update_example 36 | variables: 37 | - name: agent_rules 38 | description: A list of agent rules to be enforced by the policy. 39 | type: list(any) 40 | required: true 41 | - name: description 42 | description: The description of the policy. 43 | type: string 44 | required: false 45 | - name: group_labels 46 | description: A list of label maps to filter instances to apply policies on. 47 | type: list(map(string)) 48 | required: false 49 | - name: instances 50 | description: A list of instances to filter instances to apply the policy. 51 | type: list(string) 52 | required: false 53 | - name: os_types 54 | description: A list of OS types to filter instances to apply the policy. 55 | type: list(any) 56 | required: true 57 | - name: policy_id 58 | description: The ID of the policy. 59 | type: string 60 | required: true 61 | - name: project_id 62 | description: The ID of the project in which to provision resources. 63 | type: string 64 | required: true 65 | - name: zones 66 | description: A list of zones to filter instances to apply the policy. 
67 | type: list(string) 68 | required: false 69 | roles: 70 | - level: Project 71 | roles: 72 | - roles/owner 73 | - roles/osconfig.guestPolicyAdmin 74 | - roles/monitoring.metricWriter 75 | - roles/logging.logWriter 76 | services: 77 | - cloudresourcemanager.googleapis.com 78 | - serviceusage.googleapis.com 79 | - logging.googleapis.com 80 | - monitoring.googleapis.com 81 | - osconfig.googleapis.com 82 | -------------------------------------------------------------------------------- /modules/agent-policy/scripts/create-update-script.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | #################################################################### 18 | ## This script safely creates or updates an agent policy. 19 | ## The script takes eight arguments: PROJECT_ID, POLICY_ID, 20 | ## DESCRIPTION, AGENT_RULES_JSON, GROUP_LABELS_JSON, OS_TYPES_JSON, 21 | ## ZONES_JSON, and INSTANCES_JSON. 
## This script is run
## during `terraform apply`
####################################################################

# set -x traces every command after expansion, so the decoded JSON arguments
# and the generated gcloud command lines are written to stderr.
set -x # debug mode

PROJECT_ID="$1"
POLICY_ID="$2"
DESCRIPTION="$3"
# Arguments 4-8 arrive base64-encoded and are decoded here.
AGENT_RULES_JSON="$(echo "$4" | base64 --decode)"
GROUP_LABELS_JSON="$(echo "$5" | base64 --decode)"
OS_TYPES_JSON="$(echo "$6" | base64 --decode)"
ZONES_JSON="$(echo "$7" | base64 --decode)"
INSTANCES_JSON="$(echo "$8" | base64 --decode)"


# include functions to build gcloud command
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd -P )"
UTILS_ABS_PATH="${SCRIPT_DIR}/script-utils.sh"
# shellcheck disable=SC1090
source "$UTILS_ABS_PATH"


# NOTE(review): the describe/update/create commands are single strings built
# by script-utils.sh and run with eval, so the shell re-parses every value
# spliced into them (project id, policy id, description, decoded JSON).
# Safe quoting has to happen in the get_*_command helpers - confirm there.
DESCRIBE_COMMAND="$(get_describe_command "$PROJECT_ID" "$POLICY_ID")"
DESCRIBE_OUTPUT=$(eval "$DESCRIBE_COMMAND" 2>/dev/null)
RETURN_CODE="$?"
echo "return code of describe command: $RETURN_CODE"

# A zero return code from describe is taken to mean the policy already exists.
if [ "$RETURN_CODE" -eq 0 ]; then
  echo "$DESCRIBE_OUTPUT"
  echo "$POLICY_ID exists, updating"
  # The etag from the describe output is passed on to the update command.
  ETAG="$(get_etag "$DESCRIBE_OUTPUT")"
  echo "etag: $ETAG"
  UPDATE_COMMAND="$(get_update_command "$PROJECT_ID" "$POLICY_ID" \
    "$DESCRIPTION" "$AGENT_RULES_JSON" "$GROUP_LABELS_JSON" \
    "$OS_TYPES_JSON" "$ZONES_JSON" "$INSTANCES_JSON" "$ETAG")"
  eval "$UPDATE_COMMAND"
  RETURN_CODE="$?"
  echo "return code of update command: $RETURN_CODE"
else
  echo "$POLICY_ID does not exist, creating"
  CREATE_COMMAND="$(get_create_command "$PROJECT_ID" "$POLICY_ID" \
    "$DESCRIPTION" "$AGENT_RULES_JSON" "$GROUP_LABELS_JSON" \
    "$OS_TYPES_JSON" "$ZONES_JSON" "$INSTANCES_JSON")"
  eval "$CREATE_COMMAND"
  RETURN_CODE="$?"
  # NOTE(review): RETURN_CODE is only echoed in both branches; the script's
  # exit status is that of the last echo, so a failed gcloud create or update
  # does not make this script fail - confirm this is intended.
  echo "return code of create command: $RETURN_CODE"
fi

--------------------------------------------------------------------------------
/modules/agent-policy/scripts/delete-script.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

####################################################################
## This script safely deletes an agent policy. The script takes
## two arguments: PROJECT_ID and POLICY_ID. This script is run
## during `terraform destroy`
####################################################################

# set -x traces every command after expansion, including the generated gcloud
# command lines, to stderr.
set -x # debug mode

PROJECT_ID="$1"
POLICY_ID="$2"

# include functions to build gcloud command
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd -P )"
UTILS_ABS_PATH="${SCRIPT_DIR}/script-utils.sh"
# shellcheck disable=SC1090
source "$UTILS_ABS_PATH"

# NOTE(review): both commands below are strings run with eval, so PROJECT_ID
# and POLICY_ID are re-parsed by the shell; quoting is the responsibility of
# get_describe_command / get_delete_command in script-utils.sh.
DESCRIBE_COMMAND="$(get_describe_command "$PROJECT_ID" "$POLICY_ID")"
eval "$DESCRIBE_COMMAND"
RETURN_CODE="$?"
echo "return code of describe command: $RETURN_CODE"

# Delete only when describe succeeded; a failed describe skips the delete.
if [ "$RETURN_CODE" -eq 0 ]; then
  DELETE_COMMAND="$(get_delete_command "$PROJECT_ID" "$POLICY_ID")"
  eval "$DELETE_COMMAND"
  RETURN_CODE="$?"
  # NOTE(review): the delete return code is echoed but not propagated, so the
  # script exits 0 even when the delete fails - confirm this is intended.
  echo "return code of delete command: $RETURN_CODE"
fi

-------------------------------------------------------------------------------- /modules/agent-policy/scripts/script-utils.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | #################################################################### 18 | ## This script contains util functions. 
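## The util functions are used
## in modules/agent-policy/scripts/create-update-script.sh and
## modules/agent-policy/scripts/delete-script.sh
##
## Every get_*_command function returns a complete command line as ONE string,
## and the calling scripts run that string with `eval`. Each value spliced
## into the string is therefore re-parsed by the shell, so values are quoted
## here (see escape_single_quotes, get_shell_word and get_flag).
####################################################################


CREATE="create"
UPDATE="update"
LAUNCH_STAGE="beta"


# Params:
#   $1 = arbitrary string
# Return:
#   The string with every single quote replaced by '\'' so that it can be
#   placed between single quotes in a command line that is later eval'ed
function escape_single_quotes() {
  local sq="'"
  local remaining="$1"
  local escaped=""
  # Consume the text up to each single quote and append the escaped quote.
  while [[ "$remaining" == *"$sq"* ]]; do
    escaped+="${remaining%%"$sq"*}${sq}\\${sq}${sq}"
    remaining="${remaining#*"$sq"}"
  done
  printf '%s\n' "$escaped$remaining"
}


# Params:
#   $1 = a positional argument of the generated command (e.g. the policy id)
# Return:
#   The argument unchanged when it is empty or consists only of letters,
#   digits, '.', '_' and '-'; otherwise the argument wrapped in single quotes
#   with embedded single quotes escaped, so that eval sees exactly one word
function get_shell_word() {
  local word="$1"
  if [[ -z "$word" || "$word" =~ ^[A-Za-z0-9._-]+$ ]]; then
    printf '%s\n' "$word"
  else
    printf "'%s'\n" "$(escape_single_quotes "$word")"
  fi
}


# Params:
#   $1 = JSON formatted list(string)
# Return:
#   A well-formatted command line flag value for a list of strings
#   (the strings joined with ",")
function get_formatted_list_of_strings() {
  local -a python_cmd=(
    'import json, sys;'
    'list_of_strings = json.load(sys.stdin);'
    'print (",".join(x for x in list_of_strings))'
  )
  echo "$1" | python3 -c "${python_cmd[*]}"
}


# Params:
#   $1 = JSON formatted list(object)
# Return:
#   A well-formatted command line flag value for a list of objects:
#   objects are joined with ";", and each object is rendered as key=value
#   pairs sorted by key and joined with ",". Underscores in keys become
#   dashes and boolean values are lower-cased.
function get_formatted_list_of_objects() {
  local -a python_cmd=(
    'import json, sys;'
    'list_of_objs = json.load(sys.stdin);'
    'print (";".join(",".join(["{}={}".format(k.replace("_", "-"),'
    'str(v).lower() if type(v) is bool else v)'
    'for k, v in sorted(obj.items())]) for obj in list_of_objs))'
  )
  echo "$1" | python3 -c "${python_cmd[*]}"
}


# Params:
#   $1 = JSON formatted list(map)
# Return:
#   A well-formatted command line flag value for a list of maps: maps are
#   joined with ";", and each map is rendered as key=value pairs sorted by
#   key and joined with "," (keys and values are used as given)
function get_formatted_list_of_map() {
  local -a python_cmd=(
    'import json, sys;'
    'list_of_objs = json.load(sys.stdin);'
    'print (";".join(",".join(["{}={}".format(k, v)'
    'for k, v in sorted(obj.items())]) for obj in list_of_objs))'
  )
  echo "$1" | python3 -c "${python_cmd[*]}"
}

# Params:
#   $1 = output of successful describe command (json format)
# Return:
#   the etag in the given string
function get_etag() {
  local -a python_cmd=(
    'import json, sys;'
    'json_dump = json.load(sys.stdin);'
    'print(json_dump["etag"])'
  )
  echo "$1" | python3 -c "${python_cmd[*]}"
}


# Params:
#   $1 = flag name
#   $2 = flag value
# Return:
#   An empty string if the flag value is empty, otherwise " --name='value'".
#   Single quotes inside the value are escaped: the result is later passed to
#   eval, where an unescaped quote would end the quoting and let the rest of
#   the value be parsed as shell syntax.
function get_flag() {
  local flag_name="$1"
  local flag_value="$2"
  local flag=""
  if [ -n "$flag_value" ]; then
    # flag value is not empty
    flag=" --$flag_name='$(escape_single_quotes "$flag_value")'"
  fi
  echo "$flag"
}


# Params:
#   $1 = flag name
#   $2 = flag value
# Return:
#   An appropriate --clear-x flag (where x is instances, group-labels, or zones)
#   if the flag value is empty, otherwise an empty string
function get_update_flag() {
  local flag_name="$1"
  local flag_value="$2"
  local update_flag=""
  if [ -z "$flag_value" ]; then
    # flag value is empty
    update_flag=" --clear-$flag_name"
  fi
  echo "$update_flag"
}


# Params:
#   $1 = group labels flag name
#   $2 = group labels flag value
#   $3 = zones flag name
#   $4 = zones flag value
#   $5 = instances flag name
#   $6 = instances flag value
# Return:
#   The appropriate --clear-x flags (where x is group-labels, zones, or instances)
#   based on group labels flag value, zones flag value, and instances flag value
function get_update_flags() {
  local group_labels_flag_name="$1"
  local group_labels_flag_value="$2"
  local zones_flag_name="$3"
  local zones_flag_value="$4"
  local instances_flag_name="$5"
  local instances_flag_value="$6"
  local clear_group_labels_flag
  local clear_zones_flag
  # Declared local so the value does not leak into the sourcing script.
  local clear_instances_flag

  clear_group_labels_flag="$(get_update_flag "$group_labels_flag_name" \
    "$group_labels_flag_value")"
  clear_zones_flag=$(get_update_flag "$zones_flag_name" "$zones_flag_value")
  clear_instances_flag=$(get_update_flag "$instances_flag_name" "$instances_flag_value")

  local update_flags="$clear_group_labels_flag$clear_zones_flag$clear_instances_flag"
  echo "$update_flags"
}

# Params:
#   $1 = project id
# Return:
#   The appropriate global flags (--project and --quiet)
function get_global_flags() {
  local project_id="$1"
  local project_flag_name="project"
  local project_flag
  project_flag=$(get_flag "$project_flag_name" "$project_id")
  local quiet_flag=" --quiet"

  local global_flags="$project_flag$quiet_flag"
  echo "$global_flags"
}

# Params:
#   $1 = action (create or update)
#   $2 = policy id
#   $3 = description of the agent policy
#   $4 = agent rules, in json format
#   $5 = group labels, in json format
#   $6 = os types, in json format
#   $7 = zones, in json format
#   $8 = instances, in json format
# Return:
#   the appropriate gcloud create or update command, given the args
function get_base_upsert_command() {
  local action="$1"
  local policy_id="$2"
  local description="$3"
  local agent_rules_json="$4"
  local group_labels_json="$5"
  local os_types_json="$6"
  local zones_json="$7"
  local instances_json="$8"

  local description_flag_name="description"
  local agent_rules_flag_name="agent-rules"
  local group_labels_flag_name="group-labels"
  local os_types_flag_name="os-types"
  local zones_flag_name="zones"
  local instances_flag_name="instances"

  local agent_rules_flag_value
  local group_labels_flag_value
  local os_types_flag_value
  local zones_flag_value
  local instances_flag_value
  agent_rules_flag_value=$(get_formatted_list_of_objects "$agent_rules_json")
  group_labels_flag_value=$(get_formatted_list_of_map "$group_labels_json")
  os_types_flag_value=$(get_formatted_list_of_objects "$os_types_json")
  zones_flag_value=$(get_formatted_list_of_strings "$zones_json")
  instances_flag_value=$(get_formatted_list_of_strings "$instances_json")

  local description_flag
  local agent_rules_flag
  local group_labels_flag
  local os_types_flag
  local zones_flag
  local instances_flag
  description_flag=$(get_flag "$description_flag_name" "$description")
  agent_rules_flag=$(get_flag "$agent_rules_flag_name" "$agent_rules_flag_value")
  group_labels_flag=$(get_flag "$group_labels_flag_name" "$group_labels_flag_value")
  os_types_flag=$(get_flag "$os_types_flag_name" "$os_types_flag_value")
  zones_flag=$(get_flag "$zones_flag_name" "$zones_flag_value")
  instances_flag=$(get_flag "$instances_flag_name" "$instances_flag_value")

  # On update, an empty filter must be cleared explicitly with --clear-x.
  local update_flags=""
  if [ "$action" = "$UPDATE" ]; then
    update_flags="$(get_update_flags "$group_labels_flag_name" \
      "$group_labels_flag_value" "$zones_flag_name" "$zones_flag_value" \
      "$instances_flag_name" "$instances_flag_value")"
  fi

  # The policy id is a positional argument; quote it when it contains anything
  # the shell could interpret once the command string is eval'ed.
  local policy_id_word
  policy_id_word=$(get_shell_word "$policy_id")

  local command="gcloud $LAUNCH_STAGE compute instances ops-agents policies $action"
  command="$command $policy_id_word$description_flag$agent_rules_flag$group_labels_flag"
  command="$command$os_types_flag$zones_flag$instances_flag$update_flags"
  echo "$command"
}

# Params:
#   $1 = project id
#   $2 = policy id
#   $3 = description of the agent policy
#   $4 = agent rules, in json format
#   $5 = group labels, in json format
#   $6 = os types, in json format
#   $7 = zones, in json format
#   $8 = instances, in json format
# Return:
#   the appropriate gcloud create command, given the args
function get_create_command() {
  local project_id="$1"
  local policy_id="$2"
  local description="$3"
  local agent_rules_json="$4"
  local group_labels_json="$5"
  local os_types_json="$6"
  local zones_json="$7"
  local instances_json="$8"
  local base_create_command
  local global_flags

  base_create_command="$(get_base_upsert_command "$CREATE" \
    "$policy_id" "$description" "$agent_rules_json" \
    "$group_labels_json" "$os_types_json" "$zones_json" "$instances_json")"
  global_flags=$(get_global_flags "$project_id")

  local create_command="$base_create_command$global_flags"
  echo "$create_command"
}

# Params:
#   $1 = project id
#   $2 = policy id
#   $3 = description of the agent policy
#   $4 = agent rules, in json format
#   $5 = group labels, in json format
#   $6 = os types, in json format
#   $7 = zones, in json format
#   $8 = instances, in json format
#   $9 = etag
# Return:
#   the appropriate gcloud update command, given the args
function get_update_command() {
  local project_id="$1"
  local policy_id="$2"
  local description="$3"
  local agent_rules_json="$4"
  local group_labels_json="$5"
  local os_types_json="$6"
  local zones_json="$7"
  local instances_json="$8"
  local etag="$9"
  local base_update_command
  local etag_flag
  local global_flags

  base_update_command="$(get_base_upsert_command "$UPDATE" \
    "$policy_id" "$description" "$agent_rules_json" \
    "$group_labels_json" "$os_types_json" "$zones_json" "$instances_json")"
  etag_flag=$(get_flag etag "$etag")
  global_flags=$(get_global_flags "$project_id")
  local update_command="$base_update_command$etag_flag$global_flags"
  echo "$update_command"
}


# Params:
#   $1 = project id
#   $2 = policy id
# Return:
#   the appropriate gcloud describe command, given the args
function get_describe_command() {
  local project_id="$1"
  local policy_id="$2"
  local project_flag_name="project"
  local project_flag
  local policy_id_word
  project_flag=$(get_flag "$project_flag_name" "$project_id")
  # Quoted when needed, because the caller evals the returned string.
  policy_id_word=$(get_shell_word "$policy_id")

  local command="gcloud $LAUNCH_STAGE compute instances ops-agents policies describe"
  command="$command $policy_id_word$project_flag --quiet --format=json"
  echo "$command"
}

# Params:
#   $1 = project id
#   $2 = policy id
# Return:
#   the appropriate gcloud delete command, given the args
function get_delete_command() {
  local project_id="$1"
  local policy_id="$2"
  local project_flag_name="project"
  local project_flag
  local policy_id_word
  project_flag=$(get_flag "$project_flag_name" "$project_id")
  # Quoted when needed, because the caller evals the returned string.
  policy_id_word=$(get_shell_word "$policy_id")

  local command="gcloud $LAUNCH_STAGE compute instances ops-agents policies delete"
  command="$command $policy_id_word$project_flag --quiet"
  echo "$command"
}

-------------------------------------------------------------------------------- /modules/agent-policy/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 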
15 | */ 16 | 17 | #################################################################### 18 | ## Variables for the agent-policy module 19 | #################################################################### 20 | 21 | variable "project_id" { 22 | description = "The ID of the project in which to provision resources." 23 | type = string 24 | } 25 | 26 | variable "policy_id" { 27 | description = "The ID of the policy." 28 | type = string 29 | } 30 | 31 | variable "description" { 32 | description = "The description of the policy." 33 | type = string 34 | default = null 35 | } 36 | 37 | variable "agent_rules" { 38 | description = "A list of agent rules to be enforced by the policy." 39 | type = list(any) 40 | 41 | validation { 42 | condition = can([for agent_rule in var.agent_rules : agent_rule["type"]]) 43 | error_message = "Each agent rule must have a type." 44 | } 45 | } 46 | 47 | variable "group_labels" { 48 | description = "A list of label maps to filter instances to apply policies on." 49 | type = list(map(string)) 50 | default = null 51 | } 52 | 53 | variable "os_types" { 54 | description = "A list of OS types to filter instances to apply the policy." 55 | type = list(any) 56 | 57 | validation { 58 | condition = can([for os_type in var.os_types : os_type["short_name"]]) 59 | error_message = "Each os type must have a short_name." 60 | } 61 | } 62 | 63 | variable "zones" { 64 | description = "A list of zones to filter instances to apply the policy." 65 | type = list(string) 66 | default = null 67 | } 68 | 69 | variable "instances" { 70 | description = "A list of instances to filter instances to apply the policy." 
71 | type = list(string) 72 | default = null 73 | } 74 | -------------------------------------------------------------------------------- /modules/agent-policy/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | required_providers { 20 | random = { 21 | source = "hashicorp/random" 22 | version = ">= 3.4" 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /modules/ops-agent-policy/README.md: -------------------------------------------------------------------------------- 1 | # Agent Policy 2 | 3 | This module is used to install/uninstall the ops agent in Google Cloud Engine VM's using [ops agent policies](https://cloud.google.com/stackdriver/docs/solutions/agents/ops-agent/agent-policies). 4 | 5 | ## Usage 6 | 7 | Basic usage of this module is as follows: 8 | 9 | Sample module to install [Ops Agent](https://cloud.google.com/stackdriver/docs/solutions/ops-agent) on all Debian 12 VMs with the label "goog-ops-agent-policy=enabled". 
10 | ```hcl 11 | module "ops_agent_policy" { 12 | source = "github.com/terraform-google-modules/terraform-google-cloud-operations/modules/ops-agent-policy" 13 | project = "" 14 | zone = "" 15 | assignment_id = "example-ops-agent-policy" 16 | agents_rule = { 17 | package_state = "installed" 18 | version = "latest" 19 | } 20 | instance_filter = { 21 | all = false 22 | inventories = [{ 23 | os_short_name = "debian" 24 | os_version = "12" 25 | }] 26 | inclusion_labels = [{ 27 | labels = { 28 | goog-ops-agent-policy = "enabled" 29 | } 30 | }] 31 | } 32 | } 33 | ``` 34 | 35 | Functional examples are included in the [examples](./../../examples) directory with the prefix `ops_agent_policy`. 36 | 37 | 38 | ## Inputs 39 | 40 | | Name | Description | Type | Default | Required | 41 | |------|-------------|------|---------|:--------:| 42 | | agents\_rule | Whether to install or uninstall the agent, and which version to install. | `object({ package_state : string, version : string })` |
{
"package_state": "installed",
"version": "latest"
}
| no | 43 | | assignment\_id | Resource name. Unique among policy assignments in the given zone | `string` | n/a | yes | 44 | | instance\_filter | Filter to select VMs. Structure is documented below here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/os_config_os_policy_assignment. |
object({
all : optional(bool),
// excludes a VM if it contains all label-value pairs for some element in the list
exclusion_labels : optional(list(object({
labels : map(string)
})), []),
// includes a VM if it contains all label-value pairs for some element in the list
inclusion_labels : optional(list(object({
labels : map(string)
})), []),
// includes a VM if its inventory data matches at least one of the following inventories
inventories : optional(list(object({
os_short_name : string,
os_version : string
})), []),
})
| n/a | yes | 45 | | project | The ID of the project in which to provision resources. If not present, uses the provider ID | `string` | `null` | no | 46 | | zone | The location to which policy assignments are applied to. | `string` | n/a | yes | 47 | 48 | ## Outputs 49 | 50 | | Name | Description | 51 | |------|-------------| 52 | | ops\_agent\_policy | The generated policy for installing/uninstalling the ops agent. | 53 | 54 | 55 | 56 | ## Troubleshooting 57 | 58 | The [GA agent policies public documentation](https://cloud.google.com/logging/docs/agent/ops-agent/agent-policies#troubleshooting) shows different errors that can appear while creating policies using the ops-agent-policy module. 59 | -------------------------------------------------------------------------------- /modules/ops-agent-policy/major_version_install/policy_major_version_install.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # A template for a single VMM OS policy that installs the given agent major version. 
15 | id: goog-ops-agent-policy 16 | mode: ENFORCEMENT 17 | allowNoResourceGroupMatch: true 18 | resourceGroups: 19 | - inventoryFilters: 20 | - osShortName: centos 21 | osVersion: '7' 22 | - osShortName: rhel 23 | osVersion: '7.*' 24 | resources: 25 | - id: add-repo 26 | repository: 27 | yum: 28 | id: google-cloud-ops-agent 29 | displayName: Google Cloud Ops Agent Repository 30 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-el7-x86_64-$agent_version 31 | gpgKeys: 32 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 33 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 34 | - id: install-pkg 35 | pkg: 36 | desiredState: INSTALLED 37 | yum: 38 | name: google-cloud-ops-agent 39 | - inventoryFilters: 40 | - osShortName: centos 41 | osVersion: '8' 42 | - osShortName: rocky 43 | osVersion: '8.*' 44 | - osShortName: rhel 45 | osVersion: '8.*' 46 | resources: 47 | - id: add-repo 48 | repository: 49 | yum: 50 | id: google-cloud-ops-agent 51 | displayName: Google Cloud Ops Agent Repository 52 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-el8-x86_64-$agent_version 53 | gpgKeys: 54 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 55 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 56 | - id: install-pkg 57 | pkg: 58 | desiredState: INSTALLED 59 | yum: 60 | name: google-cloud-ops-agent 61 | - inventoryFilters: 62 | - osShortName: rocky 63 | osVersion: '9.*' 64 | - osShortName: rhel 65 | osVersion: '9.*' 66 | resources: 67 | - id: add-repo 68 | repository: 69 | yum: 70 | id: google-cloud-ops-agent 71 | displayName: Google Cloud Ops Agent Repository 72 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-el9-x86_64-$agent_version 73 | gpgKeys: 74 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 75 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 76 | - id: install-pkg 77 | pkg: 78 | desiredState: INSTALLED 79 | yum: 80 
| name: google-cloud-ops-agent 81 | - inventoryFilters: 82 | - osShortName: sles 83 | osVersion: '12.*' 84 | resources: 85 | - id: add-repo 86 | repository: 87 | zypper: 88 | id: google-cloud-ops-agent 89 | displayName: Google Cloud Ops Agent Repository 90 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-sles12-x86_64-$agent_version 91 | gpgKeys: 92 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 93 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 94 | - id: import-key 95 | exec: 96 | validate: 97 | script: "rpm --import https://packages.cloud.google.com/yum/doc/yum-key.gpg; rpm --import https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg; exit 100;" 98 | interpreter: SHELL 99 | enforce: 100 | script: "echo hello" 101 | interpreter: SHELL 102 | - id: install-pkg 103 | pkg: 104 | desiredState: INSTALLED 105 | zypper: 106 | name: google-cloud-ops-agent 107 | - inventoryFilters: 108 | - osShortName: sles 109 | osVersion: '15.*' 110 | - osShortName: opensuse-leap 111 | osVersion: '15.*' 112 | resources: 113 | - id: add-repo 114 | repository: 115 | zypper: 116 | id: google-cloud-ops-agent 117 | displayName: Google Cloud Ops Agent Repository 118 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-sles15-x86_64-$agent_version 119 | gpgKeys: 120 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 121 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 122 | - id: install-pkg 123 | pkg: 124 | desiredState: INSTALLED 125 | zypper: 126 | name: google-cloud-ops-agent 127 | - inventoryFilters: 128 | - osShortName: debian 129 | osVersion: '10' 130 | resources: 131 | - id: add-repo 132 | repository: 133 | apt: 134 | archiveType: DEB 135 | uri: https://packages.cloud.google.com/apt 136 | distribution: google-cloud-ops-agent-buster-$agent_version 137 | components: 138 | - main 139 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 140 | - id: install-pkg 141 
| pkg: 142 | desiredState: INSTALLED 143 | apt: 144 | name: google-cloud-ops-agent 145 | - inventoryFilters: 146 | - osShortName: debian 147 | osVersion: '11' 148 | resources: 149 | - id: add-repo 150 | repository: 151 | apt: 152 | archiveType: DEB 153 | uri: https://packages.cloud.google.com/apt 154 | distribution: google-cloud-ops-agent-bullseye-$agent_version 155 | components: 156 | - main 157 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 158 | - id: install-pkg 159 | pkg: 160 | desiredState: INSTALLED 161 | apt: 162 | name: google-cloud-ops-agent 163 | - inventoryFilters: 164 | - osShortName: debian 165 | osVersion: '12' 166 | resources: 167 | - id: add-repo 168 | repository: 169 | apt: 170 | archiveType: DEB 171 | uri: https://packages.cloud.google.com/apt 172 | distribution: google-cloud-ops-agent-bookworm-$agent_version 173 | components: 174 | - main 175 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 176 | - id: install-pkg 177 | pkg: 178 | desiredState: INSTALLED 179 | apt: 180 | name: google-cloud-ops-agent 181 | - inventoryFilters: 182 | - osShortName: ubuntu 183 | osVersion: '18.04' 184 | resources: 185 | - id: wait-for-cloud-init 186 | exec: 187 | validate: 188 | script: "cloud-init status --wait; exit 100;" 189 | interpreter: SHELL 190 | enforce: 191 | script: "echo hello" 192 | interpreter: SHELL 193 | - id: add-repo 194 | repository: 195 | apt: 196 | archiveType: DEB 197 | uri: https://packages.cloud.google.com/apt 198 | distribution: google-cloud-ops-agent-bionic-$agent_version 199 | components: 200 | - main 201 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 202 | - id: install-pkg 203 | pkg: 204 | desiredState: INSTALLED 205 | apt: 206 | name: google-cloud-ops-agent 207 | - inventoryFilters: 208 | - osShortName: ubuntu 209 | osVersion: '20.04' 210 | resources: 211 | - id: wait-for-cloud-init 212 | exec: 213 | validate: 214 | script: "cloud-init status --wait; exit 100;" 215 | interpreter: SHELL 
216 | enforce: 217 | script: "echo hello" 218 | interpreter: SHELL 219 | - id: add-repo 220 | repository: 221 | apt: 222 | archiveType: DEB 223 | uri: https://packages.cloud.google.com/apt 224 | distribution: google-cloud-ops-agent-focal-$agent_version 225 | components: 226 | - main 227 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 228 | - id: install-pkg 229 | pkg: 230 | desiredState: INSTALLED 231 | apt: 232 | name: google-cloud-ops-agent 233 | - inventoryFilters: 234 | - osShortName: ubuntu 235 | osVersion: '22.04' 236 | resources: 237 | - id: wait-for-cloud-init 238 | exec: 239 | validate: 240 | script: "cloud-init status --wait; exit 100;" 241 | interpreter: SHELL 242 | enforce: 243 | script: "echo hello" 244 | interpreter: SHELL 245 | - id: add-repo 246 | repository: 247 | apt: 248 | archiveType: DEB 249 | uri: https://packages.cloud.google.com/apt 250 | distribution: google-cloud-ops-agent-jammy-$agent_version 251 | components: 252 | - main 253 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 254 | - id: install-pkg 255 | pkg: 256 | desiredState: INSTALLED 257 | apt: 258 | name: google-cloud-ops-agent 259 | - inventoryFilters: 260 | - osShortName: ubuntu 261 | osVersion: '23.10' 262 | resources: 263 | - id: wait-for-cloud-init 264 | exec: 265 | validate: 266 | script: "cloud-init status --wait; exit 100;" 267 | interpreter: SHELL 268 | enforce: 269 | script: "echo hello" 270 | interpreter: SHELL 271 | - id: add-repo 272 | repository: 273 | apt: 274 | archiveType: DEB 275 | uri: https://packages.cloud.google.com/apt 276 | distribution: google-cloud-ops-agent-mantic-$agent_version 277 | components: 278 | - main 279 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 280 | - id: install-pkg 281 | pkg: 282 | desiredState: INSTALLED 283 | apt: 284 | name: google-cloud-ops-agent 285 | - inventoryFilters: 286 | - osShortName: ubuntu 287 | osVersion: '24.04' 288 | resources: 289 | - id: wait-for-cloud-init 290 | exec: 291 
| validate: 292 | script: "cloud-init status --wait; exit 100;" 293 | interpreter: SHELL 294 | enforce: 295 | script: "echo hello" 296 | interpreter: SHELL 297 | - id: add-repo 298 | repository: 299 | apt: 300 | archiveType: DEB 301 | uri: https://packages.cloud.google.com/apt 302 | distribution: google-cloud-ops-agent-noble-$agent_version 303 | components: 304 | - main 305 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 306 | - id: install-pkg 307 | pkg: 308 | desiredState: INSTALLED 309 | apt: 310 | name: google-cloud-ops-agent 311 | - inventoryFilters: 312 | - osShortName: windows 313 | osVersion: '10.*' 314 | - osShortName: windows 315 | osVersion: '6.*' 316 | resources: 317 | - id: add-repo 318 | repository: 319 | goo: 320 | name: Google Cloud Ops Agent 321 | url: https://packages.cloud.google.com/yuck/repos/google-cloud-ops-agent-windows-$agent_version 322 | - id: install-pkg 323 | pkg: 324 | desiredState: INSTALLED 325 | googet: 326 | name: google-cloud-ops-agent 327 | -------------------------------------------------------------------------------- /modules/ops-agent-policy/metadata.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | apiVersion: blueprints.cloud.google.com/v1alpha1 16 | kind: BlueprintMetadata 17 | metadata: 18 | name: terraform-google-cloud-operations 19 | annotations: 20 | config.kubernetes.io/local-config: "true" 21 | spec: 22 | title: Agent Policy 23 | source: 24 | repo: https://github.com/terraform-google-modules/terraform-google-cloud-operations.git 25 | sourceType: git 26 | actuationTool: 27 | type: Terraform 28 | version: '>= 0.13' 29 | examples: 30 | - name: ops_agent_policy_install_all 31 | location: examples/ops_agent_policy_install_all 32 | - name: ops_agent_policy_install_all_in_region 33 | location: examples/ops_agent_policy_install_all_in_region 34 | - name: ops_agent_policy_install_all_in_zone 35 | location: examples/ops_agent_policy_install_all_in_zone 36 | variables: 37 | - name: assignment_id 38 | description: Resource name. Unique among policy assignments in the given zone 39 | type: string 40 | required: true 41 | - name: zone 42 | description: The location to which policy assignments are applied to. 43 | type: string 44 | required: true 45 | - name: project 46 | description: The ID of the project in which to provision resources. If not present, uses the provider ID 47 | type: string 48 | required: false 49 | - name: ops_agent 50 | description: Whether to install or uninstall the agent, and which version to install. 51 | type: "object({package_state: string, version: string})" 52 | required: false 53 | - name: instance_filter 54 | description: "Filter to select VMs. 
Structure is documented below here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/os_config_os_policy_assignment" 55 | type: '''object({ 56 | all: optional(bool), 57 | exclusion_labels: optional(list(object({ 58 | labels: map(string) 59 | })), []), 60 | inclusion_labels: optional(list(object({ 61 | labels: map(string) 62 | })), []), 63 | inventories: optional(list(object({ 64 | os_short_name: string, 65 | os_version: string 66 | })), []), 67 | })''' 68 | required: true 69 | 70 | roles: 71 | - level: Project 72 | roles: 73 | - roles/owner 74 | - roles/osconfig.osPolicyAssignmentAdmin 75 | - roles/monitoring.metricWriter 76 | - roles/logging.logWriter 77 | services: 78 | - cloudresourcemanager.googleapis.com 79 | - serviceusage.googleapis.com 80 | - logging.googleapis.com 81 | - monitoring.googleapis.com 82 | - osconfig.googleapis.com 83 | -------------------------------------------------------------------------------- /modules/ops-agent-policy/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | 18 | output "ops_agent_policy" { 19 | description = "The generated policy for installing/uninstalling the ops agent." 
20 | value = google_os_config_os_policy_assignment.ops_agent_policy 21 | } 22 | -------------------------------------------------------------------------------- /modules/ops-agent-policy/pin_to_version_install/policy_pin_to_version_install.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # A template for a single VMM OS policy that installs the given agent version. 
15 | id: goog-ops-agent-policy 16 | mode: ENFORCEMENT 17 | allowNoResourceGroupMatch: true 18 | resourceGroups: 19 | - inventoryFilters: 20 | - osShortName: centos 21 | osVersion: '7' 22 | - osShortName: rhel 23 | osVersion: '7.*' 24 | resources: 25 | - id: install-agent 26 | exec: 27 | validate: 28 | script: "[ $(rpm --query --queryformat '%{VERSION}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 29 | interpreter: SHELL 30 | enforce: 31 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 32 | interpreter: SHELL 33 | - inventoryFilters: 34 | - osShortName: centos 35 | osVersion: '8' 36 | - osShortName: rocky 37 | osVersion: '8.*' 38 | - osShortName: rhel 39 | osVersion: '8.*' 40 | resources: 41 | - id: install-agent 42 | exec: 43 | validate: 44 | script: "[ $(rpm --query --queryformat '%{VERSION}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 45 | interpreter: SHELL 46 | enforce: 47 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 48 | interpreter: SHELL 49 | - inventoryFilters: 50 | - osShortName: rocky 51 | osVersion: '9.*' 52 | - osShortName: rhel 53 | osVersion: '9.*' 54 | resources: 55 | - id: install-agent 56 | exec: 57 | validate: 58 | script: "[ $(rpm --query --queryformat '%{VERSION}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 59 | interpreter: SHELL 60 | enforce: 61 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 62 | interpreter: SHELL 63 | - inventoryFilters: 64 | - osShortName: sles 65 | osVersion: '12.*' 66 | resources: 67 | - id: install-agent 68 | 
exec: 69 | validate: 70 | script: "[ $(rpm --query --queryformat '%{VERSION}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 71 | interpreter: SHELL 72 | enforce: 73 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 74 | interpreter: SHELL 75 | - inventoryFilters: 76 | - osShortName: sles 77 | osVersion: '15.*' 78 | - osShortName: opensuse-leap 79 | osVersion: '15.*' 80 | resources: 81 | - id: install-agent 82 | exec: 83 | validate: 84 | script: "[ $(rpm --query --queryformat '%{VERSION}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 85 | interpreter: SHELL 86 | enforce: 87 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 88 | interpreter: SHELL 89 | - inventoryFilters: 90 | - osShortName: debian 91 | osVersion: '10' 92 | resources: 93 | - id: install-agent 94 | exec: 95 | validate: 96 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 97 | interpreter: SHELL 98 | enforce: 99 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 100 | interpreter: SHELL 101 | - inventoryFilters: 102 | - osShortName: debian 103 | osVersion: '11' 104 | resources: 105 | - id: install-agent 106 | exec: 107 | validate: 108 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 109 | interpreter: SHELL 110 | enforce: 111 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash 
add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 112 | interpreter: SHELL 113 | - inventoryFilters: 114 | - osShortName: debian 115 | osVersion: '12' 116 | resources: 117 | - id: install-agent 118 | exec: 119 | validate: 120 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 121 | interpreter: SHELL 122 | enforce: 123 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 124 | interpreter: SHELL 125 | - inventoryFilters: 126 | - osShortName: ubuntu 127 | osVersion: '18.04' 128 | resources: 129 | - id: wait-for-cloud-init 130 | exec: 131 | validate: 132 | script: "cloud-init status --wait; exit 100;" 133 | interpreter: SHELL 134 | enforce: 135 | script: "echo hello" 136 | interpreter: SHELL 137 | - id: install-agent 138 | exec: 139 | validate: 140 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 141 | interpreter: SHELL 142 | enforce: 143 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 144 | interpreter: SHELL 145 | - inventoryFilters: 146 | - osShortName: ubuntu 147 | osVersion: '20.04' 148 | resources: 149 | - id: wait-for-cloud-init 150 | exec: 151 | validate: 152 | script: "cloud-init status --wait; exit 100;" 153 | interpreter: SHELL 154 | enforce: 155 | script: "echo hello" 156 | interpreter: SHELL 157 | - id: install-agent 158 | exec: 159 | validate: 160 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 161 | interpreter: SHELL 162 | enforce: 163 | script: curl -sSO 
https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 164 | interpreter: SHELL 165 | - inventoryFilters: 166 | - osShortName: ubuntu 167 | osVersion: '22.04' 168 | resources: 169 | - id: wait-for-cloud-init 170 | exec: 171 | validate: 172 | script: "cloud-init status --wait; exit 100;" 173 | interpreter: SHELL 174 | enforce: 175 | script: "echo hello" 176 | interpreter: SHELL 177 | - id: install-agent 178 | exec: 179 | validate: 180 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 181 | interpreter: SHELL 182 | enforce: 183 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 184 | interpreter: SHELL 185 | - inventoryFilters: 186 | - osShortName: ubuntu 187 | osVersion: '23.10' 188 | resources: 189 | - id: wait-for-cloud-init 190 | exec: 191 | validate: 192 | script: "cloud-init status --wait; exit 100;" 193 | interpreter: SHELL 194 | enforce: 195 | script: "echo hello" 196 | interpreter: SHELL 197 | - id: install-agent 198 | exec: 199 | validate: 200 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 201 | interpreter: SHELL 202 | enforce: 203 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 204 | interpreter: SHELL 205 | - inventoryFilters: 206 | - osShortName: ubuntu 207 | osVersion: '24.04' 208 | resources: 209 | - id: wait-for-cloud-init 210 | exec: 211 | validate: 212 | script: "cloud-init status --wait; exit 100;" 213 | interpreter: SHELL 214 | enforce: 215 | script: "echo hello" 216 | interpreter: SHELL 217 | - id: 
install-agent 218 | exec: 219 | validate: 220 | script: "[ $(dpkg-query --show --showformat '${Version}' 'google-cloud-ops-agent' | cut -d~ -f 1) == '$agent_version' ] && exit 100 || exit 101;" 221 | interpreter: SHELL 222 | enforce: 223 | script: curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh; sudo bash add-google-cloud-ops-agent-repo.sh --also-install --version=$agent_version; 224 | interpreter: SHELL 225 | - inventoryFilters: 226 | - osShortName: windows 227 | osVersion: '10.*' 228 | - osShortName: windows 229 | osVersion: '6.*' 230 | resources: 231 | - id: install-agent 232 | exec: 233 | validate: 234 | script: if (((((googet installed google-cloud-ops-agent) -split ' ')[-1]) -split '@')[0] -eq '$agent_version'){ exit 100; } else { exit 101;} 235 | interpreter: POWERSHELL 236 | enforce: 237 | script: '(New-Object Net.WebClient).DownloadFile("https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.ps1", "${env:UserProfile}\add-google-cloud-ops-agent-repo.ps1"); Invoke-Expression "${env:UserProfile}\add-google-cloud-ops-agent-repo.ps1 -AlsoInstall -Version $agent_version";' 238 | interpreter: POWERSHELL 239 | -------------------------------------------------------------------------------- /modules/ops-agent-policy/uninstall/policy_uninstall.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # A template for a single VMM OS policy that uninstalls the given agent major version. 15 | id: goog-ops-agent-policy 16 | mode: ENFORCEMENT 17 | allowNoResourceGroupMatch: true 18 | resourceGroups: 19 | - inventoryFilters: 20 | - osShortName: centos 21 | osVersion: '7' 22 | - osShortName: rhel 23 | osVersion: '7.*' 24 | resources: 25 | # TODO: b/329895431 - Consider removing add-repo steps in this policy 26 | - id: add-repo 27 | repository: 28 | yum: 29 | id: google-cloud-ops-agent 30 | displayName: Google Cloud Ops Agent Repository 31 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-el7-x86_64-$agent_version 32 | gpgKeys: 33 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 34 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 35 | - id: install-pkg 36 | pkg: 37 | desiredState: REMOVED 38 | yum: 39 | name: google-cloud-ops-agent 40 | - inventoryFilters: 41 | - osShortName: centos 42 | osVersion: '8' 43 | - osShortName: rocky 44 | osVersion: '8.*' 45 | - osShortName: rhel 46 | osVersion: '8.*' 47 | resources: 48 | - id: add-repo 49 | repository: 50 | yum: 51 | id: google-cloud-ops-agent 52 | displayName: Google Cloud Ops Agent Repository 53 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-el8-x86_64-$agent_version 54 | gpgKeys: 55 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 56 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 57 | - id: install-pkg 58 | pkg: 59 | desiredState: REMOVED 60 | yum: 61 | name: google-cloud-ops-agent 62 | - inventoryFilters: 63 | - osShortName: rocky 64 | osVersion: '9.*' 65 | - osShortName: rhel 66 | osVersion: '9.*' 67 | resources: 68 | - id: add-repo 69 | repository: 70 | yum: 71 | id: google-cloud-ops-agent 72 | displayName: Google Cloud Ops Agent Repository 73 | baseUrl: 
https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-el9-x86_64-$agent_version 74 | gpgKeys: 75 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 76 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 77 | - id: install-pkg 78 | pkg: 79 | desiredState: REMOVED 80 | yum: 81 | name: google-cloud-ops-agent 82 | - inventoryFilters: 83 | - osShortName: sles 84 | osVersion: '12.*' 85 | resources: 86 | - id: add-repo 87 | repository: 88 | zypper: 89 | id: google-cloud-ops-agent 90 | displayName: Google Cloud Ops Agent Repository 91 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-sles12-x86_64-$agent_version 92 | gpgKeys: 93 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 94 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 95 | - id: import-key 96 | exec: 97 | validate: 98 | script: "rpm --import https://packages.cloud.google.com/yum/doc/yum-key.gpg; rpm --import https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg; exit 100;" 99 | interpreter: SHELL 100 | enforce: 101 | script: "echo hello" 102 | interpreter: SHELL 103 | - id: install-pkg 104 | pkg: 105 | desiredState: REMOVED 106 | zypper: 107 | name: google-cloud-ops-agent 108 | - inventoryFilters: 109 | - osShortName: sles 110 | osVersion: '15.*' 111 | - osShortName: opensuse-leap 112 | osVersion: '15.*' 113 | resources: 114 | - id: add-repo 115 | repository: 116 | zypper: 117 | id: google-cloud-ops-agent 118 | displayName: Google Cloud Ops Agent Repository 119 | baseUrl: https://packages.cloud.google.com/yum/repos/google-cloud-ops-agent-sles15-x86_64-$agent_version 120 | gpgKeys: 121 | - https://packages.cloud.google.com/yum/doc/yum-key.gpg 122 | - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 123 | - id: install-pkg 124 | pkg: 125 | desiredState: REMOVED 126 | zypper: 127 | name: google-cloud-ops-agent 128 | - inventoryFilters: 129 | - osShortName: debian 130 | osVersion: '10' 131 | resources: 132 | - 
id: add-repo 133 | repository: 134 | apt: 135 | archiveType: DEB 136 | uri: https://packages.cloud.google.com/apt 137 | distribution: google-cloud-ops-agent-buster-$agent_version 138 | components: 139 | - main 140 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 141 | - id: install-pkg 142 | pkg: 143 | desiredState: REMOVED 144 | apt: 145 | name: google-cloud-ops-agent 146 | - inventoryFilters: 147 | - osShortName: debian 148 | osVersion: '11' 149 | resources: 150 | - id: add-repo 151 | repository: 152 | apt: 153 | archiveType: DEB 154 | uri: https://packages.cloud.google.com/apt 155 | distribution: google-cloud-ops-agent-bullseye-$agent_version 156 | components: 157 | - main 158 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 159 | - id: install-pkg 160 | pkg: 161 | desiredState: REMOVED 162 | apt: 163 | name: google-cloud-ops-agent 164 | - inventoryFilters: 165 | - osShortName: debian 166 | osVersion: '12' 167 | resources: 168 | - id: add-repo 169 | repository: 170 | apt: 171 | archiveType: DEB 172 | uri: https://packages.cloud.google.com/apt 173 | distribution: google-cloud-ops-agent-bookworm-$agent_version 174 | components: 175 | - main 176 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 177 | - id: install-pkg 178 | pkg: 179 | desiredState: REMOVED 180 | apt: 181 | name: google-cloud-ops-agent 182 | - inventoryFilters: 183 | - osShortName: ubuntu 184 | osVersion: '18.04' 185 | resources: 186 | - id: wait-for-cloud-init 187 | exec: 188 | validate: 189 | script: "cloud-init status --wait; exit 100;" 190 | interpreter: SHELL 191 | enforce: 192 | script: "echo hello" 193 | interpreter: SHELL 194 | - id: add-repo 195 | repository: 196 | apt: 197 | archiveType: DEB 198 | uri: https://packages.cloud.google.com/apt 199 | distribution: google-cloud-ops-agent-bionic-$agent_version 200 | components: 201 | - main 202 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 203 | - id: install-pkg 204 | pkg: 205 | 
desiredState: REMOVED 206 | apt: 207 | name: google-cloud-ops-agent 208 | - inventoryFilters: 209 | - osShortName: ubuntu 210 | osVersion: '20.04' 211 | resources: 212 | - id: wait-for-cloud-init 213 | exec: 214 | validate: 215 | script: "cloud-init status --wait; exit 100;" 216 | interpreter: SHELL 217 | enforce: 218 | script: "echo hello" 219 | interpreter: SHELL 220 | - id: add-repo 221 | repository: 222 | apt: 223 | archiveType: DEB 224 | uri: https://packages.cloud.google.com/apt 225 | distribution: google-cloud-ops-agent-focal-$agent_version 226 | components: 227 | - main 228 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 229 | - id: install-pkg 230 | pkg: 231 | desiredState: REMOVED 232 | apt: 233 | name: google-cloud-ops-agent 234 | - inventoryFilters: 235 | - osShortName: ubuntu 236 | osVersion: '22.04' 237 | resources: 238 | - id: wait-for-cloud-init 239 | exec: 240 | validate: 241 | script: "cloud-init status --wait; exit 100;" 242 | interpreter: SHELL 243 | enforce: 244 | script: "echo hello" 245 | interpreter: SHELL 246 | - id: add-repo 247 | repository: 248 | apt: 249 | archiveType: DEB 250 | uri: https://packages.cloud.google.com/apt 251 | distribution: google-cloud-ops-agent-jammy-$agent_version 252 | components: 253 | - main 254 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 255 | - id: install-pkg 256 | pkg: 257 | desiredState: REMOVED 258 | apt: 259 | name: google-cloud-ops-agent 260 | - inventoryFilters: 261 | - osShortName: ubuntu 262 | osVersion: '23.10' 263 | resources: 264 | - id: wait-for-cloud-init 265 | exec: 266 | validate: 267 | script: "cloud-init status --wait; exit 100;" 268 | interpreter: SHELL 269 | enforce: 270 | script: "echo hello" 271 | interpreter: SHELL 272 | - id: add-repo 273 | repository: 274 | apt: 275 | archiveType: DEB 276 | uri: https://packages.cloud.google.com/apt 277 | distribution: google-cloud-ops-agent-mantic-$agent_version 278 | components: 279 | - main 280 | gpgKey: 
https://packages.cloud.google.com/apt/doc/apt-key.gpg 281 | - id: install-pkg 282 | pkg: 283 | desiredState: REMOVED 284 | apt: 285 | name: google-cloud-ops-agent 286 | - inventoryFilters: 287 | - osShortName: ubuntu 288 | osVersion: '24.04' 289 | resources: 290 | - id: wait-for-cloud-init 291 | exec: 292 | validate: 293 | script: "cloud-init status --wait; exit 100;" 294 | interpreter: SHELL 295 | enforce: 296 | script: "echo hello" 297 | interpreter: SHELL 298 | - id: add-repo 299 | repository: 300 | apt: 301 | archiveType: DEB 302 | uri: https://packages.cloud.google.com/apt 303 | distribution: google-cloud-ops-agent-noble-$agent_version 304 | components: 305 | - main 306 | gpgKey: https://packages.cloud.google.com/apt/doc/apt-key.gpg 307 | - id: install-pkg 308 | pkg: 309 | desiredState: REMOVED 310 | apt: 311 | name: google-cloud-ops-agent 312 | - inventoryFilters: 313 | - osShortName: windows 314 | osVersion: '10.*' 315 | - osShortName: windows 316 | osVersion: '6.*' 317 | resources: 318 | - id: add-repo 319 | repository: 320 | goo: 321 | name: Google Cloud Ops Agent 322 | url: https://packages.cloud.google.com/yuck/repos/google-cloud-ops-agent-windows-$agent_version 323 | - id: install-pkg 324 | pkg: 325 | desiredState: REMOVED 326 | googet: 327 | name: google-cloud-ops-agent 328 | -------------------------------------------------------------------------------- /modules/ops-agent-policy/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2024 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
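* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

####################################################################
## Variables for the ops-agent-policy module
####################################################################

// Name of the OS policy assignment; the description states it must be unique
// among the policy assignments of the given zone.
variable "assignment_id" {
  description = "Resource name. Unique among policy assignments in the given zone"
  type        = string
}

// Zone that the policy assignment targets.
variable "zone" {
  description = "The location to which policy assignments are applied to."
  type        = string
  // Better error message when giving regions instead of zones,
  // more validation is done by the underlying API.
  // The pattern only requires two hyphens somewhere in the value, so it is a
  // usability hint and not an input filter.
  validation {
    condition     = length(regexall(".*-.*-.*", var.zone)) > 0
    error_message = "Expected a valid GCP zone"
  }
}

// Project to provision into; null leaves the choice to the provider configuration.
variable "project" {
  description = "The ID of the project in which to provision resources. If not present, uses the provider ID"
  type        = string
  default     = null
}

// Desired agent state (installed or removed) and the agent version to act on.
variable "agents_rule" {
  description = "Whether to install or uninstall the agent, and which version to install."
  type        = object({ package_state : string, version : string })
  default     = { package_state : "installed", version : "latest" }
  validation {
    condition     = contains(["installed", "removed"], var.agents_rule.package_state)
    error_message = "agents_rule.package_state must be one of installed|removed"
  }
  // The policy templates of this module reference $agent_version inside
  // repository names and inside SHELL / POWERSHELL script bodies, including a
  // `sudo bash ... --version=$agent_version` install step that runs on every
  // matched VM. NOTE(review): main.tf is not shown here; presumably it
  // substitutes this value for $agent_version textually - confirm.
  // The exact-version pattern is therefore anchored with ^ and $: unanchored,
  // regexall() accepts any string that merely contains something like 2.1.0,
  // so shell metacharacters placed before or after the version would pass
  // validation. Only 'latest', '2.*.*' or a plain 2.X.Y are accepted.
  validation {
    condition = (var.agents_rule.version == "latest" ||
      length(regexall("^2\\.\\d+\\.\\d+$", var.agents_rule.version)) > 0 ||
    var.agents_rule.version == "2.*.*")
    error_message = "agents_rule.version must match one of 'latest', '2.*.*', or an exact version of the form 2.X.Y"
  }
}

// Selects the VMs the policy applies to; the attribute comments below describe
// how each selector matches.
variable "instance_filter" {
  description = "Filter to select VMs. Structure is documented below here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/os_config_os_policy_assignment."
  type = object({
    all : optional(bool),
    // excludes a VM if it contains all label-value pairs for some element in the list
    exclusion_labels : optional(list(object({
      labels : map(string)
    })), []),
    // includes a VM if it contains all label-value pairs for some element in the list
    inclusion_labels : optional(list(object({
      labels : map(string)
    })), []),
    // includes a VM if its inventory data matches at least one of the following inventories
    inventories : optional(list(object({
      os_short_name : string,
      os_version : string
    })), []),
  })
}

--------------------------------------------------------------------------------
/modules/ops-agent-policy/versions.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.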
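* You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

// Toolchain and provider constraints for the ops-agent-policy module.
terraform {
  // variables.tf in this module declares object attributes as
  // optional(<type>, <default>). Terraform accepts that form only from 1.3
  // onwards, so the previous ">= 0.13" floor admitted versions that cannot
  // parse the module at all.
  required_version = ">= 1.3"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 4.0, < 7"
    }
  }
}

--------------------------------------------------------------------------------
/modules/simple-uptime-check/README.md:
--------------------------------------------------------------------------------
## Simple Uptime Check

This module is used to create a single uptime check along with an alert policy and new and/or existing notification channel(s) to notify if the uptime check fails.

This module does not support multiple alert policies or multiple conditions for a single alert policy. For alert policies, conditions does not support `condition_absent`, `condition_monitoring_query_language` or `condition_matched_log` blocks.

## Usage


## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| accepted\_response\_status\_classes | Check will only pass if the HTTP response status code is in this set of status classes (combined with the set of status values). Possible values: STATUS\_CLASS\_1XX, STATUS\_CLASS\_2XX, STATUS\_CLASS\_3XX, STATUS\_CLASS\_4XX, STATUS\_CLASS\_5XX, STATUS\_CLASS\_ANY | `set(string)` | `[]` | no |
| accepted\_response\_status\_values | Check will only pass if the HTTP response status code is in this set of status values (combined with the set of status classes). 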
| `set(number)` | `[]` | no | 16 | | aggregations | Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together. |
object({
alignment_period = string
per_series_aligner = string
group_by_fields = list(string)
cross_series_reducer = string
})
|
{
"alignment_period": "1200s",
"cross_series_reducer": "REDUCE_COUNT_FALSE",
"group_by_fields": [
"resource.label.*"
],
"per_series_aligner": "ALIGN_NEXT_OLDER"
}
| no | 17 | | alert\_policy\_combiner | Determines how to combine multiple conditions. One of: AND, OR, or AND\_WITH\_MATCHING\_RESOURCE. | `string` | `"OR"` | no | 18 | | alert\_policy\_display\_name | Display name for the alert policy. Defaults to "var.uptime\_check\_display\_name Uptime Failure Alert Policy" if left empty. | `string` | `""` | no | 19 | | alert\_policy\_user\_labels | This field is intended to be used for organizing and identifying the AlertPolicy objects. | `map(string)` | `{}` | no | 20 | | auth\_info | Optional username and password to authenticate. |
object({
username = string
password = string
})
| `null` | no | 21 | | auto\_close | Open incidents will close if an alert policy that was active has no data for this long (in seconds, must be at least 30 minutes). For example "18000s". | `string` | `null` | no | 22 | | body | The request body associated with the HTTP POST request. | `string` | `null` | no | 23 | | checker\_type | One of: STATIC\_IP\_CHECKERS, VPC\_CHECKERS | `string` | `"STATIC_IP_CHECKERS"` | no | 24 | | condition\_display\_name | A unique name to identify condition in dashboards, notifications, and incidents. If left empty, defaults to Failure of uptime check\_id | `string` | `""` | no | 25 | | condition\_threshold\_comparison | The comparison to apply between the time series (indicated by filter and aggregation) and the threshold (indicated by threshold\_value). | `string` | `"COMPARISON_GT"` | no | 26 | | condition\_threshold\_duration | The amount of time that a time series must violate the threshold to be considered failing, in seconds. Must be a multiple of 60 seconds. | `string` | `"60s"` | no | 27 | | condition\_threshold\_filter | A filter that identifies which time series should be compared with the threshold. Defaults to uptime check failure filter if left as empty string. | `string` | `""` | no | 28 | | condition\_threshold\_trigger | Defines the percent and number of time series that must fail the predicate for the condition to be triggered |
object({
percent = number
count = number
})
|
{
"count": 1,
"percent": null
}
| no | 29 | | condition\_threshold\_value | A value against which to compare the time series. | `number` | `1` | no | 30 | | content | String or regex content to match. | `string` | `null` | no | 31 | | content\_type | Content type to use for the http(s) check. Can be one of: TYPE\_UNSPECIFIED, URL\_ENCODED | `string` | `null` | no | 32 | | enabled | Whether or not the policy is enabled (defaults to true) | `bool` | `true` | no | 33 | | existing\_notification\_channels | List of existing notification channel IDs to use for alerting if the uptime check fails. | `list(string)` | `[]` | no | 34 | | headers | The list of headers to send as part of the uptime check request. | `map(string)` | `{}` | no | 35 | | json\_path\_matcher | If matcher is MATCHES\_JSON\_PATH or NOT\_MATCHES\_JSON\_PATH, the json matcher and path to use. The json matcher must be either EXACT\_MATCH or REGEX\_MATCH. |
object({
json_path = string
json_matcher = string
})
| `null` | no | 36 | | mask\_headers | Whether to encrypt the header information. | `bool` | `false` | no | 37 | | matcher | Type of content matcher. One of: CONTAINS\_STRING, NOT\_CONTAINS\_STRING, MATCHES\_REGEX, NOT\_MATCHES\_REGEX, MATCHES\_JSON\_PATH, NOT\_MATCHES\_JSON\_PATH | `string` | `"CONTAINS_STRING"` | no | 38 | | monitored\_resource | Monitored resource type and labels. One of: uptime\_url, gce\_instance, gae\_app, aws\_ec2\_instance, aws\_elb\_load\_balancer, k8s\_service, servicedirectory\_service. See https://cloud.google.com/monitoring/api/resources for a list of labels. |
object({
monitored_resource_type = string
labels = map(string)
})
| `null` | no | 39 | | notification\_channel\_strategy | Control over how the notification channels in notification\_channels are notified when this alert fires, on a per-channel basis. |
object({
notification_channel_names = list(string)
renotify_interval = number
})
| `null` | no | 40 | | notification\_channels | List of all the notification channels to create for alerting if the uptime check fails. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list for a list of types and labels. |
list(object({
display_name = string
type = string
labels = map(string)
}))
| `[]` | no | 41 | | notification\_rate\_limit\_period | Not more than one notification per specified period (in seconds), for example "30s". | `string` | `null` | no | 42 | | path | Path to the page to run the check against. The path to the page to run the check against. Will be combined with the host in monitored\_resource block to construct the entire URL. | `string` | `"/"` | no | 43 | | period | How frequently uptime check is run. Must be one of the following: 60s, 300s, 600s, 900s | `string` | `"60s"` | no | 44 | | port | The port to the page to run the check against. If left null, defaults to 443 for HTTPS and 80 for HTTP. | `number` | `null` | no | 45 | | project\_id | The project ID to host the uptime check in (required). | `string` | n/a | yes | 46 | | protocol | Protocol for uptime check. One of: HTTPS, HTTP, or TCP (required). | `string` | n/a | yes | 47 | | request\_method | HTTP request method to use for the check. One of: METHOD\_UNSPECIFIED, GET, POST | `string` | `"GET"` | no | 48 | | resource\_group | Group resource associated with configuration. Resource types must be one of: RESOURCE\_TYPE\_UNSPECIFIED, INSTANCE, AWS\_ELB\_LOAD\_BALANCER |
object({
resource_type = string
group_id = string
})
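| `null` | no | 49 | | selected\_regions | Regions from which to run the uptime check from. Defaults to all regions. | `list(string)` | `[]` | no | 50 | | timeout | The maximum amount of time to wait for the request to complete. | `string` | `"10s"` | no | 51 | | uptime\_check\_display\_name | The display name for the uptime check (required). | `string` | n/a | yes | 52 | | validate\_ssl | If https, whether to validate SSL certificates. | `string` | `true` | no | 53 | 54 | ## Outputs 55 | 56 | | Name | Description | 57 | |------|-------------| 58 | | alert\_policy\_id | The id of the alert policy. | 59 | | notification\_channel\_ids | The ids of the notification channels | 60 | | uptime\_check\_id | The id of the uptime check. | 61 | 62 | 63 | -------------------------------------------------------------------------------- /modules/simple-uptime-check/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 |
17 | locals { # Values derived from the module inputs and shared by the resources below. 18 | use_ssl = var.protocol == "HTTPS" # TLS is requested only for the HTTPS protocol. 19 | http_port = var.port != null ? var.port : (var.protocol == "HTTPS" ? 443 : 80) # An explicit var.port is honoured; only a null port falls back to 443 for HTTPS or 80 otherwise, as the variable's description states. 20 | 21 | alert_policy_name = coalesce(var.alert_policy_display_name, "${var.uptime_check_display_name} Uptime Failure Alert Policy") 22 | enable_alert_strategy = var.auto_close != null || var.notification_rate_limit_period != null || var.notification_channel_strategy != null ? true : false 23 | resource_type = var.monitored_resource != null ? var.monitored_resource.monitored_resource_type : var.resource_group.resource_type # Taken from monitored_resource when it is set, otherwise from resource_group. 24 | threshold_filter = var.condition_threshold_filter == "" ? "metric.type=\"monitoring.googleapis.com/uptime_check/check_passed\" AND metric.label.check_id=\"${google_monitoring_uptime_check_config.uptime_check.uptime_check_id}\" AND resource.type=\"${local.resource_type}\"" : var.condition_threshold_filter # With no caller-supplied filter, selects the check_passed metric of this module's uptime check for local.resource_type. 25 | } 26 | 27 | resource "google_monitoring_uptime_check_config" "uptime_check" { 28 | display_name = var.uptime_check_display_name 29 | project = var.project_id 30 | 31 | timeout = var.timeout 32 | period = var.period 33 | selected_regions = var.selected_regions 34 | checker_type = var.checker_type 35 | 36 | dynamic "http_check" { 37 | for_each = var.protocol == "HTTP" || var.protocol == "HTTPS" ? [1] : [] 38 | content { 39 | path = var.path 40 | port = local.http_port 41 | request_method = var.request_method 42 | headers = var.headers 43 | mask_headers = var.mask_headers 44 | content_type = var.content_type 45 | body = var.body 46 | use_ssl = local.use_ssl 47 | validate_ssl = var.validate_ssl 48 | 49 | dynamic "auth_info" { 50 | for_each = var.auth_info != null ? 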
[1] : [] 51 | 52 | content { 53 | username = var.auth_info.username 54 | password = var.auth_info.password 55 | } 56 | } 57 | 58 | dynamic "accepted_response_status_codes" { 59 | for_each = var.accepted_response_status_values 60 | 61 | content { 62 | status_value = accepted_response_status_codes.value 63 | } 64 | } 65 | 66 | dynamic "accepted_response_status_codes" { 67 | for_each = var.accepted_response_status_classes 68 | 69 | content { 70 | status_class = accepted_response_status_codes.value 71 | } 72 | } 73 | } 74 | } 75 | 76 | dynamic "tcp_check" { 77 | for_each = var.protocol == "TCP" ? [1] : [] 78 | content { 79 | port = var.port 80 | } 81 | } 82 | 83 | dynamic "content_matchers" { 84 | for_each = var.content != null ? [1] : [] 85 | 86 | content { 87 | content = var.content 88 | matcher = var.matcher 89 | 90 | dynamic "json_path_matcher" { 91 | for_each = var.json_path_matcher != null ? [1] : [] 92 | 93 | content { 94 | json_path = var.json_path_matcher.json_path 95 | json_matcher = var.json_path_matcher.json_matcher 96 | } 97 | } 98 | } 99 | } 100 | 101 | dynamic "resource_group" { 102 | for_each = var.resource_group != null ? [1] : [] 103 | 104 | content { 105 | resource_type = var.resource_group.resource_type 106 | group_id = var.resource_group.group_id 107 | } 108 | } 109 | 110 | dynamic "monitored_resource" { 111 | for_each = var.monitored_resource != null ? [1] : [] 112 | 113 | content { 114 | type = var.monitored_resource.monitored_resource_type 115 | labels = var.monitored_resource.labels 116 | } 117 | } 118 | } 119 | 120 | resource "google_monitoring_alert_policy" "alert_policy" { 121 | project = var.project_id 122 | display_name = local.alert_policy_name 123 | enabled = var.enabled 124 | combiner = var.alert_policy_combiner 125 | 126 | conditions { 127 | display_name = var.condition_display_name != "" ? 
var.condition_display_name : "Failure of uptime check_id ${google_monitoring_uptime_check_config.uptime_check.uptime_check_id}" 128 | 129 | condition_threshold { 130 | threshold_value = var.condition_threshold_value 131 | duration = var.condition_threshold_duration 132 | filter = local.threshold_filter 133 | comparison = var.condition_threshold_comparison 134 | 135 | aggregations { 136 | alignment_period = var.aggregations.alignment_period 137 | per_series_aligner = var.aggregations.per_series_aligner 138 | group_by_fields = var.aggregations.group_by_fields 139 | cross_series_reducer = var.aggregations.cross_series_reducer 140 | } 141 | 142 | trigger { 143 | percent = var.condition_threshold_trigger.percent 144 | count = var.condition_threshold_trigger.count 145 | } 146 | } 147 | } 148 | 149 | notification_channels = concat([for channel in google_monitoring_notification_channel.notification_channel : channel.id], var.existing_notification_channels) 150 | 151 | dynamic "alert_strategy" { 152 | for_each = local.enable_alert_strategy ? [1] : [] 153 | 154 | content { 155 | auto_close = var.auto_close 156 | 157 | dynamic "notification_rate_limit" { 158 | for_each = var.notification_rate_limit_period != null ? [1] : [] 159 | 160 | content { 161 | period = var.notification_rate_limit_period 162 | } 163 | } 164 | 165 | dynamic "notification_channel_strategy" { 166 | for_each = var.notification_channel_strategy != null ? 
[1] : [] 167 | 168 | content { 169 | notification_channel_names = var.notification_channel_strategy.notification_channel_names 170 | renotify_interval = var.notification_channel_strategy.renotify_interval 171 | } 172 | } 173 | } 174 | } 175 | 176 | user_labels = var.alert_policy_user_labels 177 | } 178 | 179 | resource "google_monitoring_notification_channel" "notification_channel" { 180 | for_each = { for k, v in var.notification_channels : k => v } 181 | project = var.project_id 182 | display_name = each.value.display_name 183 | type = each.value.type 184 | labels = each.value.labels 185 | } 186 | -------------------------------------------------------------------------------- /modules/simple-uptime-check/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "uptime_check_id" { 18 | description = "The id of the uptime check." 19 | value = google_monitoring_uptime_check_config.uptime_check.id 20 | } 21 | 22 | output "alert_policy_id" { 23 | description = "The id of the alert policy." 
24 | value = google_monitoring_alert_policy.alert_policy.id 25 | } 26 | 27 | output "notification_channel_ids" { 28 | description = "The ids of the notification channels" 29 | value = values(google_monitoring_notification_channel.notification_channel)[*].id 30 | } 31 | -------------------------------------------------------------------------------- /modules/simple-uptime-check/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The project ID to host the uptime check in (required)." 19 | type = string 20 | } 21 | 22 | variable "uptime_check_display_name" { 23 | description = "The display name for the uptime check (required)." 24 | type = string 25 | } 26 | 27 | variable "protocol" { 28 | description = "Protocol for uptime check. One of: HTTPS, HTTP, or TCP (required)." 29 | type = string 30 | } 31 | 32 | variable "timeout" { 33 | description = "The maximum amount of time to wait for the request to complete." 34 | type = string 35 | default = "10s" 36 | } 37 | 38 | variable "period" { 39 | description = "How frequently uptime check is run. Must be one of the following: 60s, 300s, 600s, 900s" 40 | type = string 41 | default = "60s" 42 | } 43 | 44 | variable "content" { 45 | description = "String or regex content to match." 
46 | type = string 47 | default = null 48 | } 49 | 50 | variable "matcher" { 51 | description = "Type of content matcher. One of: CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX, MATCHES_JSON_PATH, NOT_MATCHES_JSON_PATH" 52 | type = string 53 | default = "CONTAINS_STRING" 54 | } 55 | 56 | variable "json_path_matcher" { 57 | description = "If matcher is MATCHES_JSON_PATH or NOT_MATCHES_JSON_PATH, the json matcher and path to use. The json matcher must be either EXACT_MATCH or REGEX_MATCH." 58 | type = object({ 59 | json_path = string 60 | json_matcher = string 61 | }) 62 | default = null 63 | } 64 | 65 | variable "path" { 66 | description = "Path to the page to run the check against. The path to the page to run the check against. Will be combined with the host in monitored_resource block to construct the entire URL." 67 | type = string 68 | default = "/" 69 | } 70 | 71 | variable "port" { 72 | description = "The port to the page to run the check against. If left null, defaults to 443 for HTTPS and 80 for HTTP." 73 | type = number 74 | default = null 75 | } 76 | # Header values are handed to http_check.headers as given; a credential placed here (for example an Authorization value) is kept in the Terraform state, and mask_headers defaults to false. 77 | variable "headers" { 78 | description = "The list of headers to send as part of the uptime check request." 79 | type = map(string) 80 | default = {} 81 | } 82 | 83 | variable "body" { 84 | description = "The request body associated with the HTTP POST request." 85 | type = string 86 | default = null 87 | } 88 | # The password is passed unchanged to the uptime check's auth_info block and this variable is not marked sensitive, so the value is kept in the Terraform state: supply it from a secret store and restrict access to the state backend. NOTE(review): `sensitive = true` on a variable needs Terraform >= 0.14, while versions.tf allows >= 0.13. 89 | variable "auth_info" { 90 | description = "Optional username and password to authenticate." 91 | type = object({ 92 | username = string 93 | password = string 94 | }) 95 | default = null 96 | } 97 | 98 | variable "accepted_response_status_values" { 99 | description = "Check will only pass if the HTTP response status code is in this set of status values (combined with the set of status classes)." 
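100 | type = set(number) 101 | default = [] 102 | } 103 | 104 | variable "accepted_response_status_classes" { 105 | description = "Check will only pass if the HTTP response status code is in this set of status classes (combined with the set of status values). Possible values: STATUS_CLASS_1XX, STATUS_CLASS_2XX, STATUS_CLASS_3XX, STATUS_CLASS_4XX, STATUS_CLASS_5XX, STATUS_CLASS_ANY" 106 | type = set(string) 107 | default = [] 108 | } 109 | # Set to true when var.headers carries credentials, so the values are not shown in clear when the check configuration is read back. 110 | variable "mask_headers" { 111 | description = "Whether to encrypt the header information." 112 | type = bool 113 | default = false 114 | } 115 | 116 | variable "request_method" { 117 | description = "HTTP request method to use for the check. One of: METHOD_UNSPECIFIED, GET, POST" 118 | type = string 119 | default = "GET" 120 | } 121 | 122 | variable "content_type" { 123 | description = "Content type to use for the http(s) check. Can be one of: TYPE_UNSPECIFIED, URL_ENCODED" 124 | type = string 125 | default = null 126 | } 127 | # Typed bool to match its boolean default; the strings "true" and "false" are still converted by Terraform. Keep the default: with false the check can pass against a host that presents an invalid or untrusted certificate. 128 | variable "validate_ssl" { 129 | description = "If https, whether to validate SSL certificates." 130 | type = bool 131 | default = true 132 | } 133 | 134 | variable "selected_regions" { 135 | description = "Regions from which to run the uptime check from. Defaults to all regions." 136 | type = list(string) 137 | default = [] 138 | } 139 | 140 | variable "checker_type" { 141 | description = "One of: STATIC_IP_CHECKERS, VPC_CHECKERS" 142 | type = string 143 | default = "STATIC_IP_CHECKERS" 144 | } 145 | 146 | variable "resource_group" { 147 | description = "Group resource associated with configuration. Resource types must be one of: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER" 148 | type = object({ 149 | resource_type = string 150 | group_id = string 151 | }) 152 | default = null 153 | } 154 | 155 | variable "monitored_resource" { 156 | description = "Monitored resource type and labels. 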
One of: uptime_url, gce_instance, gae_app, aws_ec2_instance, aws_elb_load_balancer, k8s_service, servicedirectory_service. See https://cloud.google.com/monitoring/api/resources for a list of labels." 157 | type = object({ 158 | monitored_resource_type = string 159 | labels = map(string) 160 | }) 161 | default = null 162 | } 163 | 164 | // Alert Policy Variables 165 | 166 | variable "alert_policy_display_name" { 167 | description = "Display name for the alert policy. Defaults to \"var.uptime_check_display_name Uptime Failure Alert Policy\" if left empty." 168 | type = string 169 | default = "" 170 | } 171 | 172 | variable "enabled" { 173 | description = "Whether or not the policy is enabled (defaults to true)" 174 | type = bool 175 | default = true 176 | } 177 | 178 | variable "alert_policy_combiner" { 179 | description = "Determines how to combine multiple conditions. One of: AND, OR, or AND_WITH_MATCHING_RESOURCE." 180 | type = string 181 | default = "OR" 182 | } 183 | 184 | variable "condition_display_name" { 185 | description = "A unique name to identify condition in dashboards, notifications, and incidents. If left empty, defaults to Failure of uptime check_id" 186 | type = string 187 | default = "" 188 | } 189 | 190 | variable "condition_threshold_value" { 191 | description = "A value against which to compare the time series." 192 | type = number 193 | default = 1 194 | } 195 | 196 | variable "condition_threshold_duration" { 197 | description = "The amount of time that a time series must violate the threshold to be considered failing, in seconds. Must be a multiple of 60 seconds." 198 | type = string 199 | default = "60s" 200 | } 201 | 202 | variable "condition_threshold_comparison" { 203 | description = "The comparison to apply between the time series (indicated by filter and aggregation) and the threshold (indicated by threshold_value)." 
204 | type = string 205 | default = "COMPARISON_GT" 206 | } 207 | 208 | variable "condition_threshold_filter" { 209 | description = "A filter that identifies which time series should be compared with the threshold. Defaults to uptime check failure filter if left as empty string." 210 | type = string 211 | default = "" 212 | } 213 | 214 | variable "aggregations" { 215 | description = "Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together." 216 | type = object({ 217 | alignment_period = string 218 | per_series_aligner = string 219 | group_by_fields = list(string) 220 | cross_series_reducer = string 221 | }) 222 | default = { 223 | alignment_period = "1200s" 224 | per_series_aligner = "ALIGN_NEXT_OLDER" 225 | group_by_fields = ["resource.label.*"] 226 | cross_series_reducer = "REDUCE_COUNT_FALSE" 227 | } 228 | } 229 | 230 | variable "condition_threshold_trigger" { 231 | description = "Defines the percent and number of time series that must fail the predicate for the condition to be triggered" 232 | type = object({ 233 | percent = number 234 | count = number 235 | }) 236 | default = { 237 | percent = null 238 | count = 1 239 | } 240 | } 241 | 242 | variable "notification_rate_limit_period" { 243 | description = "Not more than one notification per specified period (in seconds), for example \"30s\"." 244 | type = string 245 | default = null 246 | } 247 | 248 | variable "auto_close" { 249 | description = "Open incidents will close if an alert policy that was active has no data for this long (in seconds, must be at least 30 minutes). For example \"18000s\"." 250 | type = string 251 | default = null 252 | } 253 | 254 | variable "notification_channel_strategy" { 255 | description = "Control over how the notification channels in notification_channels are notified when this alert fires, on a per-channel basis." 
256 | type = object({ 257 | notification_channel_names = list(string) 258 | renotify_interval = number 259 | }) 260 | default = null 261 | } 262 | 263 | variable "alert_policy_user_labels" { 264 | description = "This field is intended to be used for organizing and identifying the AlertPolicy objects." 265 | type = map(string) 266 | default = {} 267 | } 268 | 269 | variable "notification_channels" { 270 | description = "List of all the notification channels to create for alerting if the uptime check fails. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list for a list of types and labels." 271 | type = list(object({ 272 | display_name = string 273 | type = string 274 | labels = map(string) 275 | })) 276 | default = [] 277 | } 278 | 279 | variable "existing_notification_channels" { 280 | description = "List of existing notification channel IDs to use for alerting if the uptime check fails." 281 | type = list(string) 282 | default = [] 283 | } 284 | -------------------------------------------------------------------------------- /modules/simple-uptime-check/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 4.0, < 7" 24 | } 25 | } 26 | 27 | provider_meta "google" { 28 | module_name = "blueprints/terraform/terraform-google-cloud-operations:simple-uptime-check/v0.6.0" 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /test/.gitignore: -------------------------------------------------------------------------------- 1 | source.sh 2 | -------------------------------------------------------------------------------- /test/agent-policy-tests/test-integration-update.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | # Copyright 2020 Google LLC 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
15 | 16 | SCRIPT_DIR="$( realpath "$( dirname "${BASH_SOURCE[0]}" )" )" 17 | TF_VARS_FILE="${SCRIPT_DIR}/../fixtures/agent_policy_update_example/terraform.tfvars" 18 | ORIGINAL_CONFIG="$(<"$TF_VARS_FILE")" 19 | # The tfvars file is read before `set -eu` takes effect, so a missing file leaves ORIGINAL_CONFIG empty rather than stopping the script. 20 | set -eu 21 | source /usr/local/bin/task_helper_functions.sh 22 | 23 | # In both helpers below $1 and $2 are expanded unquoted inside the ${var%pattern} / ${var#pattern} forms, so glob characters in them act as wildcards; the callers in this script pass plain words. 24 | # Params: 25 | # $1 = string pattern before replacement 26 | # $2 = string pattern after replacement 27 | # $3 = replacement string 28 | # This function replaces anything in between the string 29 | # patterns with the given replacement string 30 | function replace_between() { 31 | local file="$ORIGINAL_CONFIG" 32 | local upper=${file%$1 *} # removes everything after $1 33 | local lower=${file#*$2 } # removes everything before $2 34 | echo "$upper$1 = $3" > "$TF_VARS_FILE" 35 | echo "$2 $lower" >> "$TF_VARS_FILE" 36 | } 37 | 38 | # Params: 39 | # $1 = string pattern before replacement 40 | # $2 = replacement string 41 | # This function replaces anything after the string pattern 42 | # with the given replacement string 43 | function replace_after() { 44 | local file="$ORIGINAL_CONFIG" 45 | local upper=${file%$1 *} # removes everything after $1 46 | echo "$upper$1 = $2" > "$TF_VARS_FILE" 47 | } 48 | # Writes the contents captured in ORIGINAL_CONFIG back to the tfvars file. NOTE(review): with `set -eu` a failing kitchen_do ends the script before this is reached, so the rewritten tfvars stays on disk; an EXIT trap could cover that, provided task_helper_functions.sh does not install one of its own (confirm). 49 | function restore_original_config() { 50 | echo "$ORIGINAL_CONFIG" > "$TF_VARS_FILE" 51 | } 52 | # Restores the original tfvars, then converges and verifies the kitchen instance. 53 | function test_original_state() { 54 | restore_original_config 55 | kitchen_do converge agent-policy-update-example-default 56 | kitchen_do verify agent-policy-update-example-default 57 | } 58 | # Rewrites the agent_rules value in the tfvars file, then converges and verifies. 59 | function test_agent_rules_update() { 60 | local agent_rules=$'[{\n type = "metrics" \n package_state = "removed" \n ' 61 | agent_rules="$agent_rules"$'version = "latest" \n enable_autoupgrade = false \n }]' 62 | replace_between "agent_rules" "group_labels" "$agent_rules" 63 | kitchen_do converge agent-policy-update-example-default 64 | kitchen_do verify agent-policy-update-example-default 65 | } 66 | # Runs the agent_rules update and then returns to the original state. 67 | function test_agent_rules() { 68 | test_agent_rules_update 69 | test_original_state 
70 | } 71 | 72 | function test_group_labels_update() { 73 | local group_labels=$'[{\n env = "prod" \n}]' 74 | replace_between "group_labels" "os_types" "$group_labels" 75 | kitchen_do converge agent-policy-update-example-default 76 | kitchen_do verify agent-policy-update-example-default 77 | } 78 | 79 | function test_group_labels() { 80 | test_group_labels_update 81 | test_original_state 82 | } 83 | 84 | function test_os_types_update() { 85 | local os_types=$'[{\n "short_name" = "sles" \n "version" = "15.1" \n}]' 86 | replace_between "os_types" "zones" "$os_types" 87 | kitchen_do converge agent-policy-update-example-default 88 | kitchen_do verify agent-policy-update-example-default 89 | } 90 | 91 | function test_os_types() { 92 | test_os_types_update 93 | test_original_state 94 | } 95 | 96 | function test_zones_update() { 97 | local zones='["us-central1-c", "asia-northeast2-b"]' 98 | replace_between "zones" "instances" "$zones" 99 | kitchen_do converge agent-policy-update-example-default 100 | kitchen_do verify agent-policy-update-example-default 101 | } 102 | 103 | function test_zones() { 104 | test_zones_update 105 | test_original_state 106 | } 107 | 108 | function test_instances_update() { 109 | local instances='["zones/us-central1-a/instances/test-instance"]' 110 | replace_after "instances" "$instances" 111 | kitchen_do converge agent-policy-update-example-default 112 | kitchen_do verify agent-policy-update-example-default 113 | } 114 | 115 | function test_instances() { 116 | test_instances_update 117 | test_original_state 118 | } 119 | 120 | function test_description_update() { 121 | local description=$'"a test description"' 122 | replace_between "description" "agent_rules" "$description" 123 | kitchen_do converge agent-policy-update-example-default 124 | kitchen_do verify agent-policy-update-example-default 125 | } 126 | 127 | function test_description() { 128 | test_description_update 129 | } 130 | 131 | function run_integration_update_tests() { 132 | 
source_test_env 133 | init_credentials 134 | 135 | kitchen_do create agent-policy-update-example-default 136 | test_original_state 137 | 138 | test_agent_rules 139 | test_group_labels 140 | test_os_types 141 | test_zones 142 | test_instances 143 | test_description 144 | 145 | restore_original_config 146 | } 147 | 148 | run_integration_update_tests 149 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_detailed_example/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/agent_policy_detailed_example" 19 | 20 | project_id = var.project_id 21 | } 22 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_detailed_example/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The ID of the project in which resources are provisioned." 19 | value = var.project_id 20 | } 21 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_detailed_example/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 
19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_detailed_example/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.12" 19 | } 20 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_simple_example/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/agent_policy_simple_example" 19 | 20 | project_id = var.project_id 21 | } 22 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_simple_example/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The ID of the project in which resources are provisioned." 19 | value = var.project_id 20 | } 21 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_simple_example/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 19 | type = string 20 | } 21 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_simple_example/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.12" 19 | } 20 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_update_example/main.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | module "example" { 18 | source = "../../../examples/agent_policy_update_example" 19 | 20 | project_id = var.project_id 21 | description = var.description 22 | agent_rules = var.agent_rules 23 | group_labels = var.group_labels 24 | os_types = var.os_types 25 | zones = var.zones 26 | instances = var.instances 27 | } 28 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_update_example/outputs.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | output "project_id" { 18 | description = "The ID of the project in which resources are provisioned." 19 | value = var.project_id 20 | } 21 | 22 | output "description" { 23 | description = "The description of the policy." 24 | value = var.description 25 | } 26 | 27 | output "agent_rules" { 28 | description = "A list of agent rules to be enforced by the policy." 29 | value = var.agent_rules 30 | } 31 | 32 | output "group_labels" { 33 | description = "A list of label maps to filter instances to apply policies on." 34 | value = var.group_labels 35 | } 36 | 37 | output "os_types" { 38 | description = "A list of label maps to filter instances to apply policies on." 
39 | value = var.os_types 40 | } 41 | 42 | output "zones" { 43 | description = "A list of zones to filter instances to apply the policy." 44 | value = var.zones 45 | 46 | } 47 | 48 | output "instances" { 49 | description = "A list of zones to filter instances to apply the policy." 50 | value = var.instances 51 | 52 | } 53 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_update_example/terraform.tfvars: -------------------------------------------------------------------------------- 1 | description = null 2 | agent_rules = [ 3 | { 4 | type = "logging" 5 | version = "1.*.*" 6 | package_state = "installed" 7 | enable_autoupgrade = true 8 | } 9 | ] 10 | group_labels = null 11 | os_types = [ 12 | { 13 | short_name = "rhel" 14 | version = "8.2" 15 | }, 16 | ] 17 | zones = null 18 | instances = null 19 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_update_example/variables.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | variable "project_id" { 18 | description = "The ID of the project in which to provision resources." 19 | type = string 20 | } 21 | 22 | variable "description" { 23 | description = "The description of the policy." 
24 | type = string 25 | default = null 26 | } 27 | 28 | variable "agent_rules" { 29 | description = "A list of agent rules to be enforced by the policy." 30 | type = list(any) 31 | } 32 | 33 | variable "group_labels" { 34 | description = "A list of label maps to filter instances to apply policies on." 35 | type = list(map(string)) 36 | default = null 37 | } 38 | 39 | variable "os_types" { 40 | description = "A list of label maps to filter instances to apply policies on." 41 | type = list(any) 42 | } 43 | 44 | variable "zones" { 45 | description = "A list of zones to filter instances to apply the policy." 46 | type = list(string) 47 | default = null 48 | } 49 | 50 | variable "instances" { 51 | description = "A list of zones to filter instances to apply the policy." 52 | type = list(string) 53 | default = null 54 | } 55 | -------------------------------------------------------------------------------- /test/fixtures/agent_policy_update_example/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2020 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.12" 19 | } 20 | -------------------------------------------------------------------------------- /test/go.mod: -------------------------------------------------------------------------------- 1 | module integration 2 | 3 | go 1.22.0 4 | 5 | toolchain go1.22.8 6 | 7 | require github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.16.2 8 | 9 | require ( 10 | cloud.google.com/go v0.110.7 // indirect 11 | cloud.google.com/go/compute v1.23.0 // indirect 12 | cloud.google.com/go/compute/metadata v0.2.3 // indirect 13 | cloud.google.com/go/iam v1.1.2 // indirect 14 | cloud.google.com/go/storage v1.33.0 // indirect 15 | github.com/agext/levenshtein v1.2.3 // indirect 16 | github.com/alexflint/go-filemutex v1.3.0 // indirect 17 | github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect 18 | github.com/aws/aws-sdk-go v1.45.5 // indirect 19 | github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect 20 | github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 21 | github.com/go-errors/errors v1.5.0 // indirect 22 | github.com/go-openapi/jsonpointer v0.20.0 // indirect 23 | github.com/go-openapi/jsonreference v0.20.2 // indirect 24 | github.com/go-openapi/swag v0.22.4 // indirect 25 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 26 | github.com/golang/protobuf v1.5.3 // indirect 27 | github.com/google/gnostic-models v0.6.8 // indirect 28 | github.com/google/go-cmp v0.6.0 // indirect 29 | github.com/google/s2a-go v0.1.7 // indirect 30 | github.com/google/uuid v1.3.1 // indirect 31 | github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect 32 | github.com/googleapis/gax-go/v2 v2.12.0 // indirect 33 | github.com/gruntwork-io/terratest v0.47.1 // indirect 34 | github.com/hashicorp/errwrap v1.1.0 // indirect 35 | github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 36 | github.com/hashicorp/go-getter v1.7.6 // 
indirect 37 | github.com/hashicorp/go-multierror v1.1.1 // indirect 38 | github.com/hashicorp/go-safetemp v1.0.0 // indirect 39 | github.com/hashicorp/go-version v1.6.0 // indirect 40 | github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f // indirect 41 | github.com/hashicorp/hcl/v2 v2.20.1 // indirect 42 | github.com/hashicorp/terraform-config-inspect v0.0.0-20240801114854-6714b46f5fe4 // indirect 43 | github.com/hashicorp/terraform-json v0.22.1 // indirect 44 | github.com/jinzhu/copier v0.4.0 // indirect 45 | github.com/jmespath/go-jmespath v0.4.0 // indirect 46 | github.com/josharian/intern v1.0.0 // indirect 47 | github.com/klauspost/compress v1.16.7 // indirect 48 | github.com/mailru/easyjson v0.7.7 // indirect 49 | github.com/mattn/go-zglob v0.0.4 // indirect 50 | github.com/mitchellh/go-homedir v1.1.0 // indirect 51 | github.com/mitchellh/go-testing-interface v1.14.2-0.20210821155943-2d9075ca8770 // indirect 52 | github.com/mitchellh/go-wordwrap v1.0.1 // indirect 53 | github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect 54 | github.com/stretchr/testify v1.9.0 // indirect 55 | github.com/tidwall/gjson v1.17.3 // indirect 56 | github.com/tidwall/match v1.1.1 // indirect 57 | github.com/tidwall/pretty v1.2.1 // indirect 58 | github.com/tidwall/sjson v1.2.5 // indirect 59 | github.com/tmccombs/hcl2json v0.6.0 // indirect 60 | github.com/ulikunitz/xz v0.5.11 // indirect 61 | github.com/zclconf/go-cty v1.14.4 // indirect 62 | go.opencensus.io v0.24.0 // indirect 63 | golang.org/x/crypto v0.31.0 // indirect 64 | golang.org/x/mod v0.21.0 // indirect 65 | golang.org/x/net v0.25.0 // indirect 66 | golang.org/x/oauth2 v0.12.0 // indirect 67 | golang.org/x/sync v0.10.0 // indirect 68 | golang.org/x/sys v0.28.0 // indirect 69 | golang.org/x/text v0.21.0 // indirect 70 | golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect 71 | golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect 72 | google.golang.org/api 
v0.138.0 // indirect 73 | google.golang.org/appengine v1.6.8 // indirect 74 | google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect 75 | google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect 76 | google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect 77 | google.golang.org/grpc v1.58.3 // indirect 78 | google.golang.org/protobuf v1.33.0 // indirect 79 | gopkg.in/yaml.v3 v3.0.1 // indirect 80 | k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect 81 | sigs.k8s.io/kustomize/kyaml v0.17.2 // indirect 82 | sigs.k8s.io/yaml v1.4.0 // indirect 83 | ) 84 | -------------------------------------------------------------------------------- /test/integration/agent_policy_detailed_example/controls/gcloud.rb: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
# InSpec control for the detailed example: checks through the gcloud CLI that the
# required services are enabled and that the ops-agents policy can be described.
control "gcloud" do
  title "gcloud"

  # The project_id attribute is interpolated into the command line without quoting.
  # It is supplied by the test inputs (declared in this profile's inspec.yml), so it is
  # expected to be a plain project ID.
  describe command("gcloud --project=#{attribute("project_id")} services list --enabled") do
    its(:exit_status) { should eq 0 }
    # Requires stderr to be exactly empty, so any warning printed by gcloud fails the control.
    its(:stderr) { should eq "" }
    # NOTE(review): the expected values are plain strings handed to `match`; they appear to be
    # applied as patterns, so "." would match any character. Confirm whether an exact substring
    # check is wanted.
    its(:stdout) { should match "logging.googleapis.com" }
    its(:stdout) { should match "monitoring.googleapis.com" }
    its(:stdout) { should match "osconfig.googleapis.com" }
  end

  # Only the exit status and stderr of `describe` are asserted here; the policy contents
  # are not inspected by this control.
  describe command("gcloud beta compute instances ops-agents policies describe " \
    "ops-agents-test-policy-detailed --project=#{attribute("project_id")} --quiet") do
    its(:exit_status) { should eq 0 }
    its(:stderr) { should eq "" }
  end
end

--------------------------------------------------------------------------------
/test/integration/agent_policy_detailed_example/inspec.yml:
--------------------------------------------------------------------------------
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# InSpec profile metadata for the agent_policy_detailed_example integration tests.
# NOTE(review): this profile lives under agent_policy_detailed_example but is named
# simple_example, the same name the simple example's profile uses; confirm that is intended.
name: simple_example
depends:
  # Dependency fetched from git at a tag.
  # NOTE(review): a tag can be re-pointed upstream; pinning to a commit would make the
  # fetched code reproducible for CI runs that hold project credentials.
  - name: inspec-gcp
    git: https://github.com/inspec/inspec-gcp.git
    tag: v0.10.0
attributes:
  # The only input: the project the gcloud commands in controls/gcloud.rb run against.
  - name: project_id
    required: true
    type: string

--------------------------------------------------------------------------------
/test/integration/agent_policy_simple_example/controls/gcloud.rb:
--------------------------------------------------------------------------------
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
14 | 15 | control "gcloud" do 16 | title "gcloud" 17 | 18 | describe command("gcloud --project=#{attribute("project_id")} services list --enabled") do 19 | its(:exit_status) { should eq 0 } 20 | its(:stderr) { should eq "" } 21 | its(:stdout) { should match "logging.googleapis.com" } 22 | its(:stdout) { should match "monitoring.googleapis.com" } 23 | its(:stdout) { should match "osconfig.googleapis.com" } 24 | end 25 | 26 | describe command("gcloud beta compute instances ops-agents policies describe " \ 27 | "ops-agents-test-policy-simple --project=#{attribute("project_id")} --quiet") do 28 | its(:exit_status) { should eq 0 } 29 | its(:stderr) { should eq "" } 30 | end 31 | end 32 | -------------------------------------------------------------------------------- /test/integration/agent_policy_simple_example/inspec.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | name: simple_example 16 | depends: 17 | - name: inspec-gcp 18 | git: https://github.com/inspec/inspec-gcp.git 19 | tag: v0.10.0 20 | attributes: 21 | - name: project_id 22 | required: true 23 | type: string 24 | -------------------------------------------------------------------------------- /test/integration/agent_policy_update_example/controls/gcloud.rb: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Google LLC 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
# Expected values, read from the profile attributes; the examples below compare them
# with what gcloud reports for the policy.
# Note: the project_id local is assigned but the command below reads
# attribute("project_id") directly.
project_id = attribute('project_id')
description = attribute('description')
agent_rules = attribute('agent_rules')
group_labels = attribute('group_labels')
os_types = attribute('os_types')
zones = attribute('zones')
instances = attribute('instances')

# InSpec control for the update example: describes the policy as JSON and compares
# each field with the corresponding attribute.
control "gcloud" do
  title "gcloud"

  # The project_id attribute is interpolated into the command line without quoting;
  # it is supplied by the test inputs and is expected to be a plain project ID.
  describe command("gcloud beta compute instances ops-agents policies describe " \
    "ops-agents-test-policy-update --project=#{attribute("project_id")} " \
    "--quiet --format=json") do
    its(:exit_status) { should eq 0 }
    # Requires stderr to be exactly empty, so any warning printed by gcloud fails the control.
    its(:stderr) { should eq "" }

    # Parsed command output. When the command fails this is an empty hash, so the
    # examples below that call .zip or index into data['assignment'] raise on nil
    # instead of failing on an expectation.
    let!(:data) do
      if subject.exit_status == 0
        JSON.parse(subject.stdout)
      else
        {}
      end
    end


    describe "description" do
      it "is equal to the description created by the module" do
        expect(data['description']).to eq description
      end
    end

    describe "agent_rules" do
      it "is equal to the agent_rules created by the module" do
        # zip walks the ACTUAL list: expected entries beyond its length are never compared.
        # NOTE(review): consider also asserting that both lists have the same length.
        data['agent_rules'].zip(agent_rules).each do |agent_rule_actual, agent_rule_expected|
          # JSON keys are strings; convert to symbols before comparing with the expected rule.
          agent_rule_actual = agent_rule_actual.transform_keys(&:to_sym)
          expect(agent_rule_actual).to eq agent_rule_expected
        end
      end
    end

    describe "group_labels" do
      it "is equal to the group_labels created by the module" do
        # An empty expected list is compared directly; otherwise compare pairwise
        # (same zip caveat as agent_rules).
        if group_labels == []
          expect(data['assignment']['group_labels']).to eq group_labels
        else
          data['assignment']['group_labels'].zip(group_labels).each do \
            |group_labels_actual, group_labels_expected|
            group_labels_actual = group_labels_actual.transform_keys(&:to_sym)
            expect(group_labels_actual).to eq group_labels_expected
          end
        end
      end
    end

    describe "os_types" do
      it "is equal to the os_types created by the module" do
        # Pairwise comparison over the actual list (same zip caveat as agent_rules).
        data['assignment']['os_types'].zip(os_types).each do \
          |os_types_actual, os_types_expected|
          os_types_actual = os_types_actual.transform_keys(&:to_sym)
          expect(os_types_actual).to eq os_types_expected
        end
      end
    end

    describe "zones" do
      it "is equal to the zones created by the module" do
        expect(data['assignment']['zones']).to eq zones
      end
    end

    describe "instances" do
      it "is equal to the instances created by the module" do
        expect(data['assignment']['instances']).to eq instances
      end
    end
  end
end

--------------------------------------------------------------------------------
/test/integration/agent_policy_update_example/inspec.yml:
--------------------------------------------------------------------------------
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
14 | 15 | name: update_example 16 | depends: 17 | - name: inspec-gcp 18 | git: https://github.com/inspec/inspec-gcp.git 19 | tag: v0.10.0 20 | attributes: 21 | - name: project_id 22 | required: true 23 | type: string 24 | - name: description 25 | required: false 26 | type: string 27 | default: "None" 28 | - name: agent_rules 29 | required: true 30 | type: any 31 | - name: group_labels 32 | required: false 33 | type: any 34 | default: [] 35 | - name: os_types 36 | required: true 37 | type: any 38 | - name: zones 39 | required: false 40 | type: any 41 | default: [] 42 | - name: instances 43 | required: false 44 | type: any 45 | default: [] 46 | -------------------------------------------------------------------------------- /test/integration/discover_test.go: -------------------------------------------------------------------------------- 1 | // Copyright 2022 Google LLC 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package test 16 | 17 | import ( 18 | "testing" 19 | 20 | "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" 21 | ) 22 | 23 | func TestAll(t *testing.T) { 24 | tft.AutoDiscoverAndTest(t) 25 | } 26 | -------------------------------------------------------------------------------- /test/integration/https_uptime_url_check/https_uptime_url_check_test.go: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2023 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | package https_uptime_url_check 18 | 19 | import ( 20 | "testing" 21 | 22 | // import the blueprints test framework modules for testing and assertions 23 | 24 | "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" 25 | ) 26 | 27 | // name the function as Test* 28 | func TestUptimeCheckModule(t *testing.T) { 29 | 30 | // initialize Terraform test from the blueprint test framework 31 | uptimeCheckT := tft.NewTFBlueprintTest(t) 32 | // call the test function to execute the integration test 33 | uptimeCheckT.Test() 34 | } 35 | -------------------------------------------------------------------------------- /test/setup/.gitignore: -------------------------------------------------------------------------------- 1 | terraform.tfvars 2 | source.sh 3 | -------------------------------------------------------------------------------- /test/setup/iam.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
*/

# Roles bound to the integration-test service account on the test project.
# NOTE(review): roles/owner is a basic role with project-wide administrative access.
# Confirm whether the tests need it, or whether the narrower roles listed after it
# (plus any specific additions) are enough for a least-privilege CI identity.
locals {
  int_required_roles = [
    "roles/owner",
    "roles/osconfig.guestPolicyAdmin",
    "roles/monitoring.metricWriter",
    "roles/logging.logWriter"
  ]
}

# Service account the integration tests run as, created in the test project.
resource "google_service_account" "int_test" {
  project      = module.project.project_id
  account_id   = "ci-account"
  display_name = "ci-account"
}

# One project-level IAM binding per entry of local.int_required_roles, addressed by
# list index.
resource "google_project_iam_member" "int_test" {
  count = length(local.int_required_roles)

  project = module.project.project_id
  role    = local.int_required_roles[count.index]
  member  = "serviceAccount:${google_service_account.int_test.email}"
}

# User-managed key for the test service account.
# NOTE(review): the generated private key is kept in Terraform state, and no rotation or
# expiry is configured here. Treat the state of this setup as a secret and restrict who
# can read it.
resource "google_service_account_key" "int_test" {
  service_account_id = google_service_account.int_test.id
}

# Project-wide metadata applied to the test project: sets enable-guest-attributes and
# enable-osconfig to "TRUE" (presumably needed by the OS Config agent policies under
# test; confirm).
resource "google_compute_project_metadata" "int_test" {
  project = module.project.project_id
  metadata = {
    enable-guest-attributes = "TRUE"
    enable-osconfig         = "TRUE"
  }
}

--------------------------------------------------------------------------------
/test/setup/main.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

# Both providers are declared without explicit configuration.
provider "google" {}

provider "google-beta" {}

# Creates the CI test project through the project-factory module (constrained to
# "~> 17.0") and enables the APIs listed in activate_apis.
module "project" {
  source  = "terraform-google-modules/project-factory/google"
  version = "~> 17.0"

  name              = "ci-cloud-operations"
  random_project_id = "true"
  org_id            = var.org_id
  folder_id         = var.folder_id
  billing_account   = var.billing_account

  activate_apis = [
    "cloudresourcemanager.googleapis.com",
    "serviceusage.googleapis.com",
    "logging.googleapis.com",
    "monitoring.googleapis.com",
    "osconfig.googleapis.com"
  ]
}

--------------------------------------------------------------------------------
/test/setup/outputs.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

# ID of the project created by module.project.
output "project_id" {
  value = module.project.project_id
}

# Private key of the integration-test service account.
# NOTE(review): `sensitive = true` hides the value in CLI output only; it is still written
# to state and is readable by anything that can read this module's outputs. iam.tf binds
# roles/owner to this account, so the key carries project-wide access. Limit access to the
# state and to the CI secret store accordingly.
output "sa_key" {
  value     = google_service_account_key.int_test.private_key
  sensitive = true
}

--------------------------------------------------------------------------------
/test/setup/variables.tf:
--------------------------------------------------------------------------------
/**
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ /* Inputs for the test setup; all three are passed to the project module. NOTE(review): no variable declares a type or a validation rule, so any value is accepted here - consider type = string. */ 16 | variable "org_id" { 17 | description = "The numeric organization id" 18 | } 19 | 20 | variable "folder_id" { 21 | description = "The folder to deploy in" 22 | } 23 | 24 | variable "billing_account" { 25 | description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ" 26 | } 27 | -------------------------------------------------------------------------------- /test/setup/versions.tf: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright 2019 Google LLC 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | */ 16 | 17 | terraform { 18 | required_version = ">= 0.13" 19 | 20 | required_providers { 21 | google = { 22 | source = "hashicorp/google" 23 | version = ">= 3.25.0" 24 | } 25 | google-beta = { 26 | source = "hashicorp/google-beta" 27 | version = ">= 3.54.0" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /test/task_helper_functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 Google LLC 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # Runs the bats suite agent-policy-tests/test-script-utils.bats, resolved relative to the directory of this file. NOTE(review): SCRIPT_DIR and TEST_PATH are assigned without local, so both remain set in the calling shell afterwards. 17 | function test_bats() { 18 | SCRIPT_DIR="$( realpath "$( dirname "${BASH_SOURCE[0]}" )" )" 19 | TEST_PATH="${SCRIPT_DIR}/agent-policy-tests/test-script-utils.bats" 20 | bats "$TEST_PATH" 21 | } 22 | # Executes agent-policy-tests/test-integration-update.sh, resolved relative to the directory of this file; the exit status of the function is that of the script. 23 | function test_integration_update() { 24 | SCRIPT_DIR="$( realpath "$( dirname "${BASH_SOURCE[0]}" )" )" 25 | TEST_PATH="${SCRIPT_DIR}/agent-policy-tests/test-integration-update.sh" 26 | "$TEST_PATH" 27 | } 28 | --------------------------------------------------------------------------------