Terraform module to manage Google Filestore service resource (batteries included).
```hcl
module "example" {
  source  = "Tensho/filestore/google"
  version = "1.2.1"

  name        = "Example"
  description = "Managed by Terraform Test"
  location    = "europe-west2-a" # required input (zone or region); example value
  tier        = "STANDARD"
  protocol    = "NFS_V3"

  file_shares = {
    name        = "warehouse"
    capacity_gb = 1024

    nfs_export_options = [
      # Read-write export; root on clients in this range is not remapped.
      {
        ip_ranges   = ["10.0.0.0/24"]
        access_mode = "READ_WRITE"
        squash_mode = "NO_ROOT_SQUASH"
      },
      # Read-only export; root on clients is mapped to anon_uid/anon_gid.
      {
        ip_ranges   = ["10.10.0.0/24"]
        access_mode = "READ_ONLY"
        squash_mode = "ROOT_SQUASH"
        anon_uid    = 123
        anon_gid    = 456
      },
    ]
  }

  networks = {
    network      = "default"
    modes        = ["MODE_IPV4"]
    connect_mode = "DIRECT_PEERING"
  }

  # Customer-managed encryption key for the instance data.
  kms_key_name = "projects/example/locations/global/keyRings/example/cryptoKeys/example"

  deletion_protection_enabled = true
  deletion_protection_reason  = "VIP"

  performance_config = {
    iops_per_tb = {
      max_iops_per_tb = 1000
    }
  }
}
```

Check out the comprehensive examples in the tests folder.
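
A pre-apply check for the export options shown in the usage example, as an added example that is not part of this module: it reads the JSON form of a plan (`terraform show -json`) and reports exports that combine READ_WRITE with NO_ROOT_SQUASH, ranges wider than a chosen prefix, and instances without `kms_key_name`. The names `audit_exports` and `min_prefix` and the sample plan are constructed for illustration.

```python
import ipaddress

# Constructed sample: the part of `terraform show -json` output this check reads,
# mirroring the export options in the usage example above.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "module.example.google_filestore_instance.default",
    "type": "google_filestore_instance",
    "change": {"after": {
        "kms_key_name": "projects/example/locations/global/keyRings/example/cryptoKeys/example",
        "file_shares": [{"name": "warehouse", "nfs_export_options": [
            {"ip_ranges": ["10.0.0.0/24"], "access_mode": "READ_WRITE",
             "squash_mode": "NO_ROOT_SQUASH"},
            {"ip_ranges": ["10.10.0.0/24"], "access_mode": "READ_ONLY",
             "squash_mode": "ROOT_SQUASH", "anon_uid": 123, "anon_gid": 456},
        ]}],
    }},
}]}


def audit_exports(plan, min_prefix=24):
    """Return (address, share, message) findings for Filestore instances in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "google_filestore_instance" or not after:
            continue  # other resource types, or instances being destroyed
        addr = rc["address"]
        if not after.get("kms_key_name"):
            findings.append((addr, "-", "no kms_key_name set"))
        for share in after.get("file_shares") or []:
            exports = share.get("nfs_export_options") or []
            if not exports:
                findings.append((addr, share.get("name"), "no nfs_export_options: service defaults apply"))
            for opt in exports:
                ranges = opt.get("ip_ranges") or []
                # Unset fields fall back to the Filestore defaults READ_WRITE / NO_ROOT_SQUASH.
                mode = opt.get("access_mode") or "READ_WRITE"
                squash = opt.get("squash_mode") or "NO_ROOT_SQUASH"
                if mode == "READ_WRITE" and squash == "NO_ROOT_SQUASH":
                    findings.append((addr, share.get("name"), f"{ranges}: client root keeps uid 0 with write access"))
                for r in ranges:
                    if ipaddress.ip_network(r, strict=False).prefixlen < min_prefix:
                        findings.append((addr, share.get("name"), f"{r}: wider than /{min_prefix}"))
    return findings
```

Run against the sample, it reports one finding, for the `10.0.0.0/24` export on the `warehouse` share.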
- Auto (scheduled) backups. Unfortunately, Google doesn't support automatic Filestore instance backups out of the box (Google Issue Tracker). This module provides the functionality through a Cloud Scheduler and Workflow services workaround (Scheduling backups). Check out the requirements section for more information.
Note
Backup retention/deletion is included as part of the automatic backup script (Cloud Function).
| Name | Version |
|---|---|
| terraform | >= 1.7.0 |
| archive | >= 2.7 |
| google | >= 6.12 |
| Name | Version |
|---|---|
| archive | 2.7.0 |
| google | 6.14.0 |
No modules.
| Name | Type |
|---|---|
| google_cloud_run_service_iam_binding.filestore_backup_scheduler_invoker | resource |
| google_cloud_scheduler_job.backup | resource |
| google_cloudfunctions2_function.backup | resource |
| google_filestore_instance.default | resource |
| google_project_iam_binding.filestore_backup_runner_file_editor | resource |
| google_project_iam_member.filestore_backup_runner_list | resource |
| google_service_account.filestore_backup_runner | resource |
| google_service_account.filestore_backup_scheduler | resource |
| google_service_account_iam_binding.cloudscheduler_agent_filestore_backup_scheduler | resource |
| google_storage_bucket_object.function_source | resource |
| archive_file.backup_function | data source |
| google_client_config.current | data source |
| google_project.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| auto_backup_function_location | Google Cloud Run Function location (region) for Google Filestore instance auto backup. | string | null | no |
| auto_backup_function_mem | Memory to allocate to the backup function | string | "512Mi" | no |
| auto_backup_function_storage_bucket_name | Google Cloud Run Function source bucket name for Filestore instance auto backup. | string | null | no |
| auto_backup_retention | Total number of backups to keep. Setting 0 keeps all | number | 0 | no |
| auto_backup_schedule | Google Cloud Scheduler job schedule (cron) for Google Filestore instance auto backup. | string | "0 0 * * *" | no |
| auto_backup_time_zone | Google Cloud Scheduler job time zone for Google Filestore instance auto backup. | string | "Etc/UTC" | no |
| deletion_protection_enabled | Google Filestore instance data deletion protection switch. | bool | false | no |
| deletion_protection_reason | Google Filestore instance data deletion protection reason. | string | null | no |
| description | Google Filestore instance description | string | "Managed by Terraform" | no |
| enable_auto_backup | Google Filestore instance auto backup switch. | bool | false | no |
| file_shares | Google Filestore instance file shares. | object({...}) | n/a | yes |
| kms_key_name | Google KMS key name used for Filestore instance data encryption. | string | null | no |
| labels | Google Filestore instance labels. | map(string) | {} | no |
| location | Google Filestore instance location (zone, region) | string | n/a | yes |
| name | Google Filestore instance name | string | n/a | yes |
| networks | Google Filestore instance networks. | object({...}) | n/a | yes |
| performance_config | Google Filestore instance performance configuration. | object({...}) | null | no |
| protocol | Google Filestore instance protocol (NFS_V3, NFS_V4_1) | string | null | no |
| tier | Google Filestore instance tier (STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL, ENTERPRISE). | string | n/a | yes |
| Name | Description |
|---|---|
| filestore_instance | Google Filestore instance. |
User or service account credentials with the following roles must be used to provision the resources of this module:
- Cloud Filestore Editor: roles/file.editor
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
- Project Owner: roles/owner (TODO: refine permissions)
A project with the following APIs enabled must be used to host the resources of this module:
- Google Filestore API: file.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled. Alternatively, the APIs can be enabled via CLI:
```bash
gcloud services enable file.googleapis.com
```

- Artifact Registry API: artifactregistry.googleapis.com
- Cloud Build API: cloudbuild.googleapis.com
- Filestore API: file.googleapis.com
- Cloud Functions API: cloudfunctions.googleapis.com
- Cloud Logging API: logging.googleapis.com
- Pub/Sub API: pubsub.googleapis.com
- Cloud Run Admin API: run.googleapis.com
- Cloud Scheduler API: cloudscheduler.googleapis.com
This project uses conventional commits.
```bash
pre-commit install --install-hooks
```

```bash
gcloud auth application-default login --project=terraform-test
export GOOGLE_PROJECT=terraform-test
export GOOGLE_REGION=europe-west2
export GOOGLE_ZONE=europe-west2-a
```

By default, when you run the terraform test command, Terraform looks for *.tftest.hcl files in both the root directory and in the tests directory.

```bash
terraform init
terraform test # run all tests
terraform test -filter tests/basic.tftest.hcl -verbose # run specific tests
```