Fix Shielded Folder - VertexML interoperability (#1355)

* Fix Shielded Folder - VertexML interoperability * Fix README outputs * Adding prefix for keyrings and update output
GoogleCloudPlatform · May 5, 2023 · 4d66623 · 4d66623
1 parent e333b6f
commit 4d66623
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 8 deletions.
diff --git a/blueprints/data-solutions/shielded-folder/README.md b/blueprints/data-solutions/shielded-folder/README.md
@@ -176,9 +176,9 @@ terraform apply
 |---|---|:---:|
 | [folders](outputs.tf#L15) | Folders id. |  |
 | [folders_sink_writer_identities](outputs.tf#L23) | Folders id. |  |
+| [kms_keys](outputs.tf#L31) | Cloud KMS encryption keys created. |  |
 
 <!-- END TFDOC -->
-
 ## Test
 
 ```hcl

diff --git a/blueprints/data-solutions/shielded-folder/kms.tf b/blueprints/data-solutions/shielded-folder/kms.tf
@@ -81,7 +81,7 @@ module "sec-kms" {
   project_id = module.sec-project[0].project_id
   keyring = {
     location = each.key
-    name     = "${each.key}"
+    name     = "sec-${each.key}"
   }
   # rename to `key_iam` to switch to authoritative bindings
   key_iam_additive = {
@@ -96,7 +96,7 @@ module "log-kms" {
   project_id = module.sec-project[0].project_id
   keyring = {
     location = each.key
-    name     = "${each.key}"
+    name     = "log-${each.key}"
   }
   keys = local.kms_log_locations_keys[each.key]
 }
diff --git a/blueprints/data-solutions/shielded-folder/outputs.tf b/blueprints/data-solutions/shielded-folder/outputs.tf
@@ -28,3 +28,7 @@ output "folders_sink_writer_identities" {
   }
 }
 
+output "kms_keys" {
+  description = "Cloud KMS encryption keys created."
+  value       = { for k, v in module.sec-kms : k => v.key_ids }
+}
diff --git a/blueprints/data-solutions/vertex-mlops/README.md b/blueprints/data-solutions/vertex-mlops/README.md
@@ -74,7 +74,6 @@ module "test" {
 }
 # tftest modules=11 resources=60
 ```
-
 <!-- BEGIN TFDOC -->
 
 ## Variables
@@ -101,7 +100,7 @@ module "test" {
 |---|---|:---:|
 | [github](outputs.tf#L30) | Github Configuration. |  |
 | [notebook](outputs.tf#L35) | Vertex AI notebooks ids. |  |
-| [project](outputs.tf#L43) | The project resource as return by the `project` module. |  |
+| [project_id](outputs.tf#L43) | Project ID. |  |
 
 <!-- END TFDOC -->
 ## Test

diff --git a/blueprints/data-solutions/vertex-mlops/main.tf b/blueprints/data-solutions/vertex-mlops/main.tf
@@ -242,6 +242,7 @@ module "project" {
   service_encryption_key_ids = {
     aiplatform    = [var.service_encryption_keys.aiplatform]
     bq            = [var.service_encryption_keys.bq]
+    compute       = [var.service_encryption_keys.notebooks]
     cloudbuild    = [var.service_encryption_keys.storage]
     notebooks     = [var.service_encryption_keys.notebooks]
     secretmanager = [var.service_encryption_keys.secretmanager]

diff --git a/blueprints/data-solutions/vertex-mlops/outputs.tf b/blueprints/data-solutions/vertex-mlops/outputs.tf
@@ -40,7 +40,7 @@ output "notebook" {
   )
 }
 
-output "project" {
-  description = "The project resource as return by the `project` module."
-  value       = module.project
+output "project_id" {
+  description = "Project ID."
+  value       = module.project.project_id
 }