Terraform module to manage Google Filestore service resource (batteries included).
```hcl
module "example" {
  source  = "Tensho/filestore/google"
  version = "1.0.0"

  name        = "Example"
  description = "Managed by Terraform Test"
  tier        = "STANDARD"
  protocol    = "NFS_V3"

  file_shares = {
    name        = "warehouse"
    capacity_gb = 1024
    nfs_export_options = [
      {
        # NO_ROOT_SQUASH: root on clients in this range keeps root privileges on the share.
        ip_ranges   = ["10.0.0.0/24"]
        access_mode = "READ_WRITE"
        squash_mode = "NO_ROOT_SQUASH"
      },
      {
        # ROOT_SQUASH: client root is mapped to anon_uid / anon_gid.
        ip_ranges   = ["10.10.0.0/24"]
        access_mode = "READ_ONLY"
        squash_mode = "ROOT_SQUASH"
        anon_uid    = 123
        anon_gid    = 456
      },
    ]
  }

  networks = {
    network      = "default"
    modes        = ["MODE_IPV4"]
    connect_mode = "DIRECT_PEERING"
  }

  # Customer-managed encryption key for the instance data.
  kms_key_name = "projects/example/locations/global/keyRings/example/cryptoKeys/example"

  deletion_protection_enabled = true
  deletion_protection_reason  = "VIP"

  performance_config = {
    iops_per_tb = {
      max_iops_per_tb = 1000
    }
  }
}
```
Check out comprehensive examples in the test folder.
- Auto (scheduled) backups. Unfortunately, Google doesn't support automatic Filestore instance backups out of the box (Google Issue Tracker). This module provides this functionality with a Cloud Scheduler and Workflow services workaround (Scheduling backups). Check out the requirements section for more information.
Warning: This module doesn't implement backup cleanup.
Name | Version |
---|---|
terraform | >= 1.7.0 |
archive | >= 2.7 |
>= 6.12 |
Name | Version |
---|---|
archive | 2.7.0 |
6.14.0 |
No modules.
Name | Type |
---|---|
google_cloud_run_service_iam_binding.filestore_backup_scheduler_invoker | resource |
google_cloud_scheduler_job.backup | resource |
google_cloudfunctions2_function.backup | resource |
google_filestore_instance.default | resource |
google_project_iam_binding.filestore_backup_runner_file_editor | resource |
google_service_account.filestore_backup_runner | resource |
google_service_account.filestore_backup_scheduler | resource |
google_service_account_iam_binding.cloudscheduler_agent_filestore_backup_scheduler | resource |
google_storage_bucket_object.function_source | resource |
archive_file.backup_function | data source |
google_client_config.current | data source |
google_project.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
auto_backup_function_location | Google Cloud Run Function location (region) for Google Filestore instance auto backup. | string | null | no |
auto_backup_function_storage_bucket_name | Google Cloud Storage bucket name for Filestore automatic backup retention days. | string | null | no |
auto_backup_schedule | Google Cloud Scheduler job schedule (cron) for Google Filestore instance auto backup. | string | "0 0 * * *" | no |
auto_backup_time_zone | Google Cloud Scheduler job time zone for Google Filestore instance auto backup. | string | "Etc/UTC" | no |
deletion_protection_enabled | Google Filestore instance data deletion protection switch. | string | false | no |
deletion_protection_reason | Google Filestore instance data deletion protection reason. | string | null | no |
description | Google Filestore instance description | string | "Managed by Terraform" | no |
enable_auto_backup | Google Filestore instance auto backup switch. | bool | false | no |
file_shares | Google Filestore instance file shares. | object({ | n/a | yes |
kms_key_name | Google KMS key name used for Filestore instance data encryption. | string | null | no |
labels | Google Filestore instance labels. | map(string) | {} | no |
location | Google Filestore instance location (zone, region) | string | n/a | yes |
name | Google Filestore instance name | string | n/a | yes |
networks | Google Filestore instance networks. | object({ | n/a | yes |
performance_config | Google Filestore instance performance configuration. | object({ | null | no |
protocol | Google Filestore instance protocol (NFS_V3, NFS_V4_1) | string | null | no |
tier | Google Filestore instance tier (STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL, ENTERPRISE). | string | n/a | yes |
Name | Description |
---|---|
filestore_instance | Google Filestore instance. |
User or service account credentials with the following roles must be used to provision the resources of this module:
- Cloud Filestore Editor: `roles/file.editor`

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
- Project Owner: `roles/owner` (TODO: refine permissions)
A project with the following APIs enabled must be used to host the resources of this module:
- Google Filestore API: `file.googleapis.com`

The Project Factory module can be used to provision a project with the necessary APIs enabled.
- Artifact Registry API: `artifactregistry.googleapis.com`
- Cloud Build API: `cloudbuild.googleapis.com`
- Filestore API: `file.googleapis.com`
- Cloud Functions API: `cloudfunctions.googleapis.com`
- Cloud Logging API: `logging.googleapis.com`
- Pub/Sub API: `pubsub.googleapis.com`
- Cloud Run Admin API: `run.googleapis.com`
- Cloud Scheduler API: `cloudscheduler.googleapis.com`
This project uses conventional commits.
```shell
brew install pre-commit tfswitch terraform-docs tflint
pre-commit install --install-hooks
```
```shell
gcloud auth application-default login --project=terraform-test
export GOOGLE_PROJECT=terraform-test
export GOOGLE_REGION=us-central1
export GOOGLE_ZONE=us-central1-a
```
By default, when you run the `terraform test` command, Terraform looks for `*.tftest.hcl` files in both the root directory and in the `tests` directory.
```shell
terraform init
terraform test # run all tests
terraform test -filter tests/basic.tftest.hcl -verbose # run specific tests
```
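
The following is an added example, not part of the module's own test suite: a plan-only test file that checks the NFS export, encryption and deletion protection settings of the planned instance. The file name, the input values and the /24 threshold are assumptions, as is that `google_filestore_instance.default` is declared without `count` or `for_each`.

```hcl
# tests/hardening.tftest.hcl: hypothetical file name, constructed inputs (added example).
variables {
  name     = "hardening-check"
  location = "us-central1-a"
  tier     = "ZONAL"
  file_shares = {
    name        = "warehouse"
    capacity_gb = 1024
    nfs_export_options = [{
      ip_ranges   = ["10.0.0.0/24"]
      access_mode = "READ_WRITE"
      squash_mode = "ROOT_SQUASH"
    }]
  }
  networks = {
    network      = "default"
    modes        = ["MODE_IPV4"]
    connect_mode = "DIRECT_PEERING"
  }
  kms_key_name                = "projects/example/locations/us-central1/keyRings/example/cryptoKeys/example"
  deletion_protection_enabled = true
}

run "export_and_encryption_baseline" {
  command = plan # plan only, nothing is created
  assert {
    # Every export that can write must squash root.
    condition = alltrue([
      for o in google_filestore_instance.default.file_shares[0].nfs_export_options :
      o.access_mode == "READ_ONLY" || o.squash_mode == "ROOT_SQUASH"
    ])
    error_message = "A writable NFS export uses NO_ROOT_SQUASH."
  }
  assert {
    # Assumed policy: /24 or narrower; a bare IP address counts as /32.
    condition = alltrue(flatten([
      for o in google_filestore_instance.default.file_shares[0].nfs_export_options :
      [for r in o.ip_ranges : try(tonumber(split("/", r)[1]), 32) >= 24]
    ]))
    error_message = "An NFS export range is wider than /24."
  }
  assert {
    condition     = google_filestore_instance.default.kms_key_name != null
    error_message = "kms_key_name is not set, so no customer-managed key is used."
  }
  assert {
    condition     = google_filestore_instance.default.deletion_protection_enabled == true
    error_message = "Deletion protection is disabled."
  }
}
```

Run it with `terraform test -filter tests/hardening.tftest.hcl`. Changing `squash_mode` to `NO_ROOT_SQUASH` in the inputs makes the first assertion fail at plan time.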