feat: harden gcp-with-psc-exfiltration-protection module and example #231
Open
micheledaddetta-databricks wants to merge 1 commit into
…165)
Add validation blocks, expand outputs, fix descriptions, and add required Terraform version for the GCP PSC exfiltration protection module and its matching example.
- Add validation blocks for account ID (UUID), region (PSC-supported), prefix (naming pattern), hive metastore IP (IPv4), and CIDRs
- Fix psc_subnet_cidr description (was incorrectly "CIDR for Spoke VPC")
- Expand module outputs from 2 to 10 (VPC IDs, subnet IDs, PSC IPs)
- Add required_version >= 1.9.0 to both module and example
- Remove provider version pins (templates, not production modules)
- Add .claude/ and CLAUDE.md to .gitignore
- Organize variables with section comments
Co-authored-by: Isaac
Pull request overview
Hardens the existing gcp-with-psc-exfiltration-protection Terraform module and its example by adding input validations, expanding outputs, and aligning version/provider constraints and ignore rules with the repository’s template conventions.
Changes:
- Added variable validation for account ID, region, naming prefix, hive metastore IP, and CIDR inputs (module + example).
- Expanded module outputs to expose key network identifiers and PSC endpoint IPs.
- Standardized Terraform `required_version` and removed provider version pins; updated `.gitignore` to exclude Claude tooling files.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| modules/gcp-with-psc-exfiltration-protection/variables.tf | Adds variable organization + validation blocks for core inputs. |
| modules/gcp-with-psc-exfiltration-protection/terraform.tf | Sets required_version >= 1.9.0 and keeps providers unpinned. |
| modules/gcp-with-psc-exfiltration-protection/outputs.tf | Adds outputs for VPC/subnet/network IDs and PSC endpoint IPs. |
| examples/gcp-with-psc-exfiltration-protection/variables.tf | Mirrors module validations and reorganizes variable sections. |
| examples/gcp-with-psc-exfiltration-protection/terraform.tf | Sets required_version >= 1.9.0 and removes provider version pins. |
| .gitignore | Ignores .claude/ and CLAUDE.md. |
| description = "Databricks Account ID" | ||
|
|
||
| validation { | ||
| condition = can(regex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.databricks_account_id)) |
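Review bot: The character classes in this `condition` are `[0-9a-f]` only, so a `databricks_account_id` supplied with uppercase hex digits is rejected even though it has the same 8-4-4-4-12 UUID shape. If lowercase-only is intended, say so in the variable's description; otherwise match against `lower(var.databricks_account_id)` or widen each class to `[0-9a-fA-F]`.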
| description = "IP address of the regional default Hive Metastore" | ||
|
|
||
| validation { | ||
| condition = can(regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", var.hive_metastore_ip)) |
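Review bot: `\\d{1,3}` in this `condition` bounds only the number of digits per octet, not its value, so a string such as 999.999.999.999 passes validation for `hive_metastore_ip` although it is not an IPv4 address. Keep the regex for the dotted-quad shape and add a range check alongside it, for example `&& can(cidrhost("${var.hive_metastore_ip}/32", 0))`, which fails when any octet is above 255.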
| description = "Databricks Account ID" | ||
|
|
||
| validation { | ||
| condition = can(regex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.databricks_account_id)) |
| description = "IP address of the regional default Hive Metastore" | ||
|
|
||
| validation { | ||
| condition = can(regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", var.hive_metastore_ip)) |
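Review bot: These two `validation` blocks repeat the account ID and Hive Metastore IP conditions shown earlier on this page character for character, so the same regexes now have to be maintained in two places and a fix applied to one copy can silently miss the other. Either keep the checks in a single location or add a comment next to each copy pointing at its twin, and apply any change to the patterns to both.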
Summary
Closes #165
Hardens the existing `gcp-with-psc-exfiltration-protection` module and example to align with repo conventions:
- `databricks_account_id` (UUID), `google_region` (PSC-supported regions enum), `prefix` (naming pattern), `hive_metastore_ip` (IPv4), and all CIDR variables
- `psc_subnet_cidr` description (was incorrectly "CIDR for Spoke VPC")
- `required_version >= 1.9.0` to both module and example
- `.claude/` and `CLAUDE.md` to `.gitignore`
Test plan
- `terraform fmt -check -recursive` passes on changed files
- `terraform validate` passes on the module (requires provider init)
- `module.gcp_with_data_exfiltration_protection.*`