Add GCP pre-reqs module

Signed-off-by: Jim Enright <[email protected]>

modules/terraform-cdp-gcp-pre-reqs/.terraform-docs.yaml

@@ -0,0 +1,21 @@
+formatter: markdown
+header-from: doc_fragments/header.md
+settings:
+  anchor: true
+  color: true
+  default: true
+  escape: true
+  html: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true
+
+
+sort:
+  enabled: true
+  by: required
+
+output:
+  file: README.md
+  mode: replace

modules/terraform-cdp-gcp-pre-reqs/data.tf

@@ -0,0 +1,17 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Retrieve project details
+data "google_project" "project" {}

modules/terraform-cdp-gcp-pre-reqs/defaults.tf

@@ -0,0 +1,97 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+locals {
+  # ------- Global settings -------
+  env_tags = merge(var.agent_source_tag, (
+    coalesce(var.env_tags,
+      { env_prefix = var.env_prefix }
+    ))
+  )
+
+  # ------- Network Resources -------
+  vpc_name = coalesce(var.vpc_name, "${var.env_prefix}-net")
+
+  # VPC Peering for CloudSQL
+  managed_services_global_address_name = coalesce(var.managed_services_global_address_name, "${var.env_prefix}-svc-address")
+
+  # Firewall
+  firewall_internal_name = coalesce(var.firewall_internal_name, "${var.env_prefix}-allow-internal-fw")
+  firewall_default_name  = coalesce(var.firewall_default_name, "${var.env_prefix}-default-fw")
+  firewall_knox_name     = coalesce(var.firewall_knox_name, "${var.env_prefix}-knox-fw")
+
+  cdp_vpc_name = (var.create_vpc ?
+  module.gcp_cdp_vpc[0].vpc_name : var.cdp_vpc_name)
+
+  cdp_subnet_names = (var.create_vpc ?
+  module.gcp_cdp_vpc[0].vpc_cdp_subnet_names : var.cdp_subnet_names)
+
+  cdp_subnet_private_ip_google_access = contains(["public", "private"], var.deployment_template) ? true : false
+
+  compute_router_name = coalesce(var.compute_router_name, "${var.env_prefix}-router")
+
+  compute_router_nat_name = coalesce(var.compute_router_nat_name, "${var.env_prefix}-nat")
+
+  # ------- Storage Resources -------
+  storage_suffix = var.random_id_for_bucket ? one(random_id.bucket_suffix).hex : ""
+
+  # By default the storage bucket region is var.gcp_region
+  bucket_storage_region = coalesce(var.bucket_storage_region, var.gcp_region)
+
+  # Default storage bucket is based on env_prefix
+  default_storage_name = "${var.env_prefix}-buk"
+
+  data_storage_bucket = coalesce(var.data_storage_bucket, "${local.default_storage_name}-data")
+
+  log_storage_bucket = coalesce(var.log_storage_bucket, "${local.default_storage_name}-logs")
+
+  backup_storage_bucket = coalesce(var.backup_storage_bucket, "${local.default_storage_name}-backup")
+
+  # ------- Authz Resources -------
+
+  # Cross Account
+  xaccount_service_account_name = coalesce(var.xaccount_service_account_name, "${var.env_prefix}-xaccount-sa")
+  xaccount_service_account_id   = replace(local.xaccount_service_account_name, "/[_]/", "-")
+
+  # Custom Roles
+  # ...Log data access role
+  log_data_access_custom_role_name = coalesce(var.log_data_access_custom_role_name, "${var.env_prefix}-log-role")
+  log_data_access_custom_role_id   = replace(local.log_data_access_custom_role_name, "/[-]/", "_")
+
+  # ...Ranger Audit and Datalake Admin Role
+  datalake_admin_custom_role_name = coalesce(var.datalake_admin_custom_role_name, "${var.env_prefix}-data-role")
+  datalake_admin_custom_role_id   = replace(local.datalake_admin_custom_role_name, "/[-]/", "_")
+
+  # ...IDBroker Role
+  idbroker_custom_role_name = coalesce(var.idbroker_custom_role_name, "${var.env_prefix}-idbroker-role")
+  idbroker_custom_role_id   = replace(local.idbroker_custom_role_name, "/[-]/", "_")
+
+  # Operational Service Accounts
+  # ...Log Service Account
+  log_service_account_name = coalesce(var.log_service_account_name, "${var.env_prefix}-log-sa")
+  log_service_account_id   = replace(local.log_service_account_name, "/[_]/", "-")
+
+  # ...Datalake Admin Service Account
+  datalake_admin_service_account_name = coalesce(var.datalake_admin_service_account_name, "${var.env_prefix}-dladmin-sa")
+  datalake_admin_service_account_id   = replace(local.datalake_admin_service_account_name, "/[_]/", "-")
+
+  # ...Ranger Audit Service Account
+  ranger_audit_service_account_name = coalesce(var.ranger_audit_service_account_name, "${var.env_prefix}-rgraudit-sa")
+  ranger_audit_service_account_id   = replace(local.ranger_audit_service_account_name, "/[_]/", "-")
+
+  # ...IDBroker Service Account
+  idbroker_service_account_name = coalesce(var.idbroker_service_account_name, "${var.env_prefix}-idbroker-sa")
+  idbroker_service_account_id   = replace(local.idbroker_service_account_name, "/[_]/", "-")
+
+}

modules/terraform-cdp-gcp-pre-reqs/doc_fragments/header.md

@@ -0,0 +1,11 @@
+# Terraform Module for CDP Prerequisites on Azure
+
+This module contains resource files and example variable definition files for creation of the pre-requisite Google Cloud Platform (GCP) resources required for Cloudera Data Platform (CDP) Public Cloud.
+
+## Usage
+
+The [examples](./examples) directory has example GCP Cloud Service Provider deployments for different scenarios:
+
+* `ex01-minimal-inputs` uses the minimum set of inputs for the module.
+
+In each directory an example `terraform.tfvars.sample` values file is included to show input variable values.

modules/terraform-cdp-gcp-pre-reqs/examples/ex01-minimal_inputs/main.tf

@@ -0,0 +1,30 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+provider "google" {
+  project = var.gcp_project
+  region  = var.gcp_region
+}
+
+module "ex01_minimal_inputs" {
+  source = "../.."
+
+  env_prefix = var.env_prefix
+  gcp_region = var.gcp_region
+
+  deployment_template = var.deployment_template
+
+  ingress_extra_cidrs_and_ports = var.ingress_extra_cidrs_and_ports
+
+}

modules/terraform-cdp-gcp-pre-reqs/examples/ex01-minimal_inputs/terraform.tfvars.sample

@@ -0,0 +1,31 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ------- Global settings -------
+env_prefix = "<ENTER_VALUE>" # Required name prefix for cloud and CDP resources, e.g. cldr1
+
+# ------- Cloud Settings -------
+gcp_project = "<ENTER_VALUE>" # Change this to specify the GCP Project ID
+
+gcp_region = "<ENTER_VALUE>" # Change this to specify Cloud Provider region, e.g. europe-west2
+
+# ------- CDP Environment Deployment -------
+deployment_template = "<ENTER_VALUE>"  # Specify the deployment pattern below. Options are public, semi-private or private
+
+# ------- Network Settings -------
+# **NOTE: If required change the values below any additional CIDRs to add the the AWS Security Groups**
+ingress_extra_cidrs_and_ports = {
+ cidrs = ["<ENTER_IP_VALUE>/32", "<ENTER_IP_VALUE>/32"],
+ ports = [443, 22]
+}

modules/terraform-cdp-gcp-pre-reqs/examples/ex01-minimal_inputs/variables.tf

@@ -0,0 +1,45 @@
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ------- Global settings -------
+variable "env_prefix" {
+  type        = string
+  description = "Shorthand name for the environment. Used in resource descriptions"
+}
+
+variable "gcp_project" {
+  type        = string
+  description = "Region which Cloud resources will be created"
+}
+
+variable "gcp_region" {
+  type        = string
+  description = "Region which Cloud resources will be created"
+}
+
+# ------- CDP Environment Deployment -------
+variable "deployment_template" {
+  type = string
+
+  description = "Deployment Pattern to use for Cloud resources and CDP"
+}
+
+# ------- Network Resources -------
+variable "ingress_extra_cidrs_and_ports" {
+  type = object({
+    cidrs = list(string)
+    ports = list(number)
+  })
+  description = "List of extra CIDR blocks and ports to include in Security Group Ingress rules"
+}