feat: harden gcp-with-psc-exfiltration-protection module and example #231
micheledaddetta-databricks wants to merge 6 commits into
…165) Add validation blocks, expand outputs, fix descriptions, and add required Terraform version for the GCP PSC exfiltration protection module and its matching example.
- Add validation blocks for account ID (UUID), region (PSC-supported), prefix (naming pattern), hive metastore IP (IPv4), and CIDRs
- Fix psc_subnet_cidr description (was incorrectly "CIDR for Spoke VPC")
- Expand module outputs from 2 to 10 (VPC IDs, subnet IDs, PSC IPs)
- Add required_version >= 1.9.0 to both module and example
- Remove provider version pins (templates, not production modules)
- Add .claude/ and CLAUDE.md to .gitignore
- Organize variables with section comments

Co-authored-by: Isaac
Pull request overview
Hardens the existing gcp-with-psc-exfiltration-protection Terraform module and its example by adding input validations, expanding outputs, and aligning version/provider constraints and ignore rules with the repository’s template conventions.
Changes:
- Added variable validation for account ID, region, naming prefix, hive metastore IP, and CIDR inputs (module + example).
- Expanded module outputs to expose key network identifiers and PSC endpoint IPs.
- Standardized Terraform `required_version` and removed provider version pins; updated `.gitignore` to exclude Claude tooling files.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| modules/gcp-with-psc-exfiltration-protection/variables.tf | Adds variable organization + validation blocks for core inputs. |
| modules/gcp-with-psc-exfiltration-protection/terraform.tf | Sets required_version >= 1.9.0 and keeps providers unpinned. |
| modules/gcp-with-psc-exfiltration-protection/outputs.tf | Adds outputs for VPC/subnet/network IDs and PSC endpoint IPs. |
| examples/gcp-with-psc-exfiltration-protection/variables.tf | Mirrors module validations and reorganizes variable sections. |
| examples/gcp-with-psc-exfiltration-protection/terraform.tf | Sets required_version >= 1.9.0 and removes provider version pins. |
| .gitignore | Ignores .claude/ and CLAUDE.md. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Address PR review feedback on #165.
- Restore explicit provider version constraints in the example (databricks >=1.85.0, google ~> 6.45) so a fresh init does not drift to whatever the registry serves; lock files are not committed in this repo.
- Regenerate terraform-docs README blocks for both the module and the example so Requirements, input descriptions, and outputs reflect the current source.

Co-authored-by: Isaac
Hello @alexott, changes implemented as required. Let me know if additional changes are required.
Summary
Closes #165
Hardens the existing `gcp-with-psc-exfiltration-protection` module and example to align with repo conventions:
- `databricks_account_id` (UUID), `google_region` (PSC-supported regions enum), `prefix` (naming pattern), `hive_metastore_ip` (IPv4), and all CIDR variables
- `psc_subnet_cidr` description (was incorrectly "CIDR for Spoke VPC")
- `required_version >= 1.9.0` to both module and example
- `.claude/` and `CLAUDE.md` to `.gitignore`

Test plan
- `terraform fmt -check -recursive` passes on changed files
- `terraform validate` passes on the module (requires provider init)
- module.gcp_with_data_exfiltration_protection.*
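
The input checks listed in the summary, sketched as an added example (not code from this PR or from the module itself). The variable names come from the PR description; the regular expressions, descriptions and error messages are assumptions. The second `psc_subnet_cidr` check goes one step beyond syntax and rejects a CIDR whose host bits are set.

```hcl
# Added illustration: patterns, descriptions and messages are assumptions,
# not the module's actual source.

variable "databricks_account_id" {
  type        = string
  description = "Databricks account ID (UUID)."

  validation {
    # Canonical 8-4-4-4-12 hex form; lower() makes the match case-insensitive.
    condition     = can(regex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", lower(var.databricks_account_id)))
    error_message = "The databricks_account_id value must be a UUID, for example 00000000-0000-0000-0000-000000000000."
  }
}

variable "hive_metastore_ip" {
  type        = string
  description = "IPv4 address of the hive metastore."

  validation {
    # Dotted quad with every octet in 0-255; rejects hostnames, IPv6 and CIDR notation.
    condition     = can(regex("^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$", var.hive_metastore_ip))
    error_message = "The hive_metastore_ip value must be a plain IPv4 address such as 10.0.0.10."
  }
}

variable "psc_subnet_cidr" {
  type        = string
  description = "CIDR range of the PSC subnet (wording assumed)."

  validation {
    # cidrhost() raises an error on anything that is not valid CIDR notation.
    condition     = can(cidrhost(var.psc_subnet_cidr, 0))
    error_message = "The psc_subnet_cidr value must be valid CIDR notation such as 10.3.0.0/24."
  }

  validation {
    # Host 0 of the range is its network address. If it differs from the
    # address the caller typed (10.3.0.5/24 -> 10.3.0.0), host bits were set.
    # try() keeps this check from erroring when the syntax check above fails.
    condition     = try(cidrhost(var.psc_subnet_cidr, 0) == split("/", var.psc_subnet_cidr)[0], false)
    error_message = "The psc_subnet_cidr value must be a network address with no host bits set."
  }
}
```

These checks run at plan time, so a malformed value is rejected before any provider call is made.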