feat: harden gcp-with-psc-exfiltration-protection module and example #231
micheledaddetta-databricks wants to merge 1 commit into
…165)

Add validation blocks, expand outputs, fix descriptions, and add required Terraform version for the GCP PSC exfiltration protection module and its matching example.

- Add validation blocks for account ID (UUID), region (PSC-supported), prefix (naming pattern), hive metastore IP (IPv4), and CIDRs
- Fix psc_subnet_cidr description (was incorrectly "CIDR for Spoke VPC")
- Expand module outputs from 2 to 10 (VPC IDs, subnet IDs, PSC IPs)
- Add required_version >= 1.9.0 to both module and example
- Remove provider version pins (templates, not production modules)
- Add .claude/ and CLAUDE.md to .gitignore
- Organize variables with section comments

Co-authored-by: Isaac
Pull request overview
Hardens the existing gcp-with-psc-exfiltration-protection Terraform module and its example by adding input validations, expanding outputs, and aligning version/provider constraints and ignore rules with the repository’s template conventions.
Changes:
- Added variable validation for account ID, region, naming prefix, hive metastore IP, and CIDR inputs (module + example).
- Expanded module outputs to expose key network identifiers and PSC endpoint IPs.
- Standardized Terraform required_version and removed provider version pins; updated .gitignore to exclude Claude tooling files.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| modules/gcp-with-psc-exfiltration-protection/variables.tf | Adds variable organization + validation blocks for core inputs. |
| modules/gcp-with-psc-exfiltration-protection/terraform.tf | Sets required_version >= 1.9.0 and keeps providers unpinned. |
| modules/gcp-with-psc-exfiltration-protection/outputs.tf | Adds outputs for VPC/subnet/network IDs and PSC endpoint IPs. |
| examples/gcp-with-psc-exfiltration-protection/variables.tf | Mirrors module validations and reorganizes variable sections. |
| examples/gcp-with-psc-exfiltration-protection/terraform.tf | Sets required_version >= 1.9.0 and removes provider version pins. |
| .gitignore | Ignores .claude/ and CLAUDE.md. |
| description = "Databricks Account ID" | ||
|
|
||
| validation { | ||
| condition = can(regex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.databricks_account_id)) |
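Review bot: the character class in this condition is lowercase-only ([0-9a-f]), so an account ID pasted with uppercase hex digits fails validation even though it denotes the same UUID. Either match against lower(var.databricks_account_id) inside the regex call, or extend the description ("Databricks Account ID") to state that the value must be lowercase.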
| description = "IP address of the regional default Hive Metastore" | ||
|
|
||
| validation { | ||
| condition = can(regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", var.hive_metastore_ip)) |
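Review bot: \\d{1,3} in this condition checks only the digit count of each octet, so a value such as 999.300.1.1 passes as the Hive Metastore IP. Bound each octet to 0-255, or keep the regex for the dotted-quad shape and add a second check such as can(cidrhost("${var.hive_metastore_ip}/32", 0)) so Terraform's own address parser rejects out-of-range octets.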
| description = "Databricks Account ID" | ||
|
|
||
| validation { | ||
| condition = can(regex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.databricks_account_id)) |
| description = "IP address of the regional default Hive Metastore" | ||
|
|
||
| validation { | ||
| condition = can(regex("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", var.hive_metastore_ip)) |
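Review bot: this condition and the account-ID condition just above it repeat, character for character, the two patterns that appear earlier in the diff, so the same validation now lives in two places. Any tightening of either regex has to be applied to both copies; a comment beside each validation block pointing at its twin would help keep them from drifting apart.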
|
Summary
Closes #165
Hardens the existing gcp-with-psc-exfiltration-protection module and example to align with repo conventions:
- databricks_account_id (UUID), google_region (PSC-supported regions enum), prefix (naming pattern), hive_metastore_ip (IPv4), and all CIDR variables
- psc_subnet_cidr description (was incorrectly "CIDR for Spoke VPC")
- required_version >= 1.9.0 to both module and example
- .claude/ and CLAUDE.md to .gitignore

Test plan
- terraform fmt -check -recursive passes on changed files
- terraform validate passes on the module (requires provider init)
- module.gcp_with_data_exfiltration_protection.*