# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
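# Resource definition for the Secure Source Manager Instance: API paths,
# import formats, timeouts, long-running-operation handling and IAM policy
# support. Nesting restored; the listing had lost its indentation, which
# left nested keys (guides, timeouts, operation, ...) as top-level
# duplicates.
name: 'Instance'
kind: 'securesourcemanager#instance'
description: 'Instances are deployed to an available Google Cloud region and are accessible via their web interface.'
references:
  guides:
    'Official Documentation': 'https://cloud.google.com/secure-source-manager/docs/create-instance'
  api: 'https://cloud.google.com/secure-source-manager/docs/reference/rest/v1/projects.locations.instances'
docs:
base_url: 'projects/{{project}}/locations/{{location}}/instances?instance_id={{instance_id}}'
self_link: 'projects/{{project}}/locations/{{location}}/instances/{{instance_id}}'
# The whole resource is immutable and `async.actions` below lists only
# create and delete, so no in-place update path is declared here.
# NOTE(review): presumably any field change forces replacement of the
# instance; confirm against the generator, since replacing an instance is
# a destructive operation.
immutable: true
import_format:
  - 'projects/{{project}}/locations/{{location}}/instances/{{instance_id}}'
  - '{{instance_id}}'
# update_minutes is declared although no update action is listed under
# `async.actions`.
timeouts:
  insert_minutes: 120
  update_minutes: 120
  delete_minutes: 120
autogen_async: true
async:
  actions: ['create', 'delete']
  type: 'OpAsync'
  operation:
    base_url: '{{op_id}}'
    # NOTE(review): placed under `operation` by position in the flattened
    # listing; confirm the nesting against the upstream file.
    timeouts:
      insert_minutes: 120
      update_minutes: 120
      delete_minutes: 120
  result:
    resource_inside_response: false
iam_policy:
  method_name_separator: ':'
  # NOTE(review): these role names appear to feed the generated IAM
  # examples and tests rather than grant anything themselves; confirm.
  # instanceOwner is the admin-level role of the two, so configurations
  # derived from the generated examples should bind the narrowest role
  # that fits.
  allowed_iam_role: 'roles/securesourcemanager.instanceManager'
  admin_iam_role: 'roles/securesourcemanager.instanceOwner'
  parent_resource_attribute: 'instance_id'
  example_config_body: 'templates/terraform/iam/iam_attributes.go.tmpl'
  import_format:
    - 'projects/{{project}}/locations/{{location}}/instances/{{instance_id}}'
    - '{{instance_id}}'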
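custom_code:
# Example configurations. Nesting restored from the flattened listing so
# each `- name:` entry is one item of the `examples` list.
#
# Every example sets prevent_destroy to 'true' in `vars` and overrides it
# to 'false' in test_vars_overrides and oics_vars_overrides. The
# deletion guard is therefore on by default and off only in those two
# override sets.
examples:
  - name: 'secure_source_manager_instance_basic'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])'
    vars:
      instance_id: 'my-instance'
      prevent_destroy: 'true'
    test_vars_overrides:
      'prevent_destroy': 'false'
    oics_vars_overrides:
      'prevent_destroy': 'false'
    ignore_read_extra:
      - 'update_time'
  - name: 'secure_source_manager_instance_cmek'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])'
    vars:
      instance_id: 'my-instance'
      kms_key_name: 'my-key'
      prevent_destroy: 'true'
    test_vars_overrides:
      'prevent_destroy': 'false'
      # Tests replace the placeholder key name with a bootstrapped
      # ENCRYPT_DECRYPT key in us-central1. The key name is fixed
      # ("...-key1"), so it looks shared across test runs.
      'kms_key_name': 'acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-bootstrap-secure-source-manager-key1").CryptoKey.Name'
    oics_vars_overrides:
      'prevent_destroy': 'false'
    ignore_read_extra:
      - 'update_time'
  # The three private-instance examples below take CA pool / root CA ids
  # and depend on the external "time" provider.
  - name: 'secure_source_manager_instance_private'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])'
    vars:
      instance_id: 'my-instance'
      ca_pool_id: 'ca-pool'
      root_ca_id: 'root-ca'
      prevent_destroy: 'true'
    test_vars_overrides:
      'prevent_destroy': 'false'
    oics_vars_overrides:
      'prevent_destroy': 'false'
    external_providers: ["time"]
    ignore_read_extra:
      - 'update_time'
  - name: 'secure_source_manager_instance_private_psc_backend'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])'
    vars:
      network_id: 'my-network'
      subnet_id: 'my-subnet'
      neg_id: 'my-neg'
      backend_id: 'my-backend-service'
      proxy_subnet_id: 'my-proxy-subnet'
      target_proxy_id: 'my-target-proxy'
      fw_rule_to_target_proxy_id: 'fw-rule-target-proxy'
      dns_zone_id: 'my-dns-zone'
      instance_id: 'my-instance'
      ca_pool_id: 'ca-pool'
      root_ca_id: 'root-ca'
      prevent_destroy: 'true'
    test_vars_overrides:
      'prevent_destroy': 'false'
    oics_vars_overrides:
      'prevent_destroy': 'false'
    external_providers: ["time"]
    ignore_read_extra:
      - 'update_time'
  - name: 'secure_source_manager_instance_private_psc_endpoint'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])'
    vars:
      network_id: 'my-network'
      subnet_id: 'my-subnet'
      address_id: 'my-address'
      fw_rule_to_service_attachment_id: 'fw-rule-service-attachment'
      dns_zone_id: 'my-dns-zone'
      instance_id: 'my-instance'
      ca_pool_id: 'ca-pool'
      root_ca_id: 'root-ca'
      prevent_destroy: 'true'
    test_vars_overrides:
      'prevent_destroy': 'false'
    oics_vars_overrides:
      'prevent_destroy': 'false'
    external_providers: ["time"]
    ignore_read_extra:
      - 'update_time'
  - name: 'secure_source_manager_instance_workforce_identity_federation'
    primary_resource_id: 'default'
    primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])'
    vars:
      instance_id: 'my-instance'
      prevent_destroy: 'true'
    test_vars_overrides:
      'prevent_destroy': 'false'
    oics_vars_overrides:
      'prevent_destroy': 'false'
    ignore_read_extra:
      - 'update_time'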
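# URL-only parameters: both are required, immutable, and used to build the
# resource path (see base_url / self_link) rather than sent as body fields.
# Nesting restored from the flattened listing.
parameters:
  - name: 'location'
    type: String
    description: |
      The location for the Instance.
    url_param_only: true
    required: true
    immutable: true
  - name: 'instance_id'
    type: String
    description: |
      The name for the Instance.
    url_param_only: true
    required: true
    immutable: true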
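# Body fields of the Instance. Nesting restored from the flattened listing:
# html/api/gitHttp/gitSsh belong to hostConfig, isPrivate through
# sshServiceAttachment to privateConfig, and enabled to
# workforceIdentityFederationConfig.
properties:
  - name: 'name'
    type: String
    description: |
      The resource name for the Instance.
    immutable: true
    output: true
  - name: 'createTime'
    type: Time
    description: |
      Time the Instance was created in UTC.
    output: true
  - name: 'updateTime'
    type: Time
    description: |
      Time the Instance was updated in UTC.
    output: true
  - name: 'labels'
    type: KeyValueLabels
    description: |
      Labels as key value pairs.
  - name: 'state'
    type: Enum
    description: |
      The current state of the Instance.
    output: true
    enum_values:
      - 'CREATING'
      - 'ACTIVE'
      - 'DELETING'
      - 'PAUSED'
      - 'UNKNOWN'
  # Output-only hostnames for the instance's web, API and Git endpoints.
  - name: 'hostConfig'
    type: NestedObject
    description: |
      A list of hostnames for this instance.
    output: true
    properties:
      - name: 'html'
        type: String
        description: 'HTML hostname.'
        output: true
      - name: 'api'
        type: String
        description: 'API hostname.'
        output: true
      - name: 'gitHttp'
        type: String
        description: 'Git HTTP hostname.'
        output: true
      - name: 'gitSsh'
        type: String
        description: 'Git SSH hostname.'
        output: true
  # PAUSED_CMEK_UNAVAILABLE ties the PAUSED state to the customer-managed
  # key: availability of the key configured in kmsKey appears to affect
  # availability of the instance. Monitoring state / stateNote alongside
  # KMS key disablement, destruction or permission changes is advisable.
  - name: 'stateNote'
    type: Enum
    description: |
      Provides information about the current instance state.
    output: true
    enum_values:
      - 'STATE_NOTE_UNSPECIFIED'
      - 'PAUSED_CMEK_UNAVAILABLE'
      - 'INSTANCE_RESUMING'
  # Immutable: the CMEK is fixed when the instance is created and cannot be
  # swapped on an existing instance through this resource.
  - name: 'kmsKey'
    type: String
    description: |
      Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
    immutable: true
  # Immutable as a whole: an instance cannot be moved between public and
  # private, or to a different CA pool, in place. The two service
  # attachment fields are output-only.
  - name: 'privateConfig'
    type: NestedObject
    description: |
      Private settings for private instance.
    immutable: true
    properties:
      - name: 'isPrivate'
        type: Boolean
        # Stray quotes removed: inside a `|` block scalar they are literal
        # characters and would appear in the generated documentation.
        description: |
          Indicate if it's private instance.
        required: true
        immutable: true
      - name: 'caPool'
        type: String
        description: |
          CA pool resource, resource must be in the format of `projects/{project}/locations/{location}/caPools/{ca_pool}`.
        required: true
        immutable: true
      - name: 'httpServiceAttachment'
        type: String
        description: |
          Service Attachment for HTTP, resource is in the format of `projects/{project}/regions/{region}/serviceAttachments/{service_attachment}`.
        output: true
      - name: 'sshServiceAttachment'
        type: String
        description: |
          Service Attachment for SSH, resource is in the format of `projects/{project}/regions/{region}/serviceAttachments/{service_attachment}`.
        output: true
  # Immutable: the identity-provider choice is fixed at creation. Per the
  # description, leaving this block unset means the Google OIDC IdP is used.
  - name: 'workforceIdentityFederationConfig'
    type: NestedObject
    description: |
      Configuration for Workforce Identity Federation to support third party identity provider.
      If unset, defaults to the Google OIDC IdP.
    immutable: true
    properties:
      - name: 'enabled'
        type: Boolean
        # Stray quotes removed: inside a `|` block scalar they are literal
        # characters and would appear in the generated documentation.
        description: |
          Whether Workforce Identity Federation is enabled.
        required: true
        immutable: true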