feat: harden gcp-with-psc-exfiltration-protection module and example #231

Open
micheledaddetta-databricks wants to merge 1 commit into main from issue-165/gcp-psc-exfiltration-hardening

micheledaddetta-databricks (Collaborator) commented Mar 26, 2026

Summary

Closes #165

Hardens the existing gcp-with-psc-exfiltration-protection module and example to align with repo conventions:

  • Add validation blocks for databricks_account_id (UUID), google_region (PSC-supported regions enum), prefix (naming pattern), hive_metastore_ip (IPv4), and all CIDR variables
  • Fix psc_subnet_cidr description (was incorrectly "CIDR for Spoke VPC")
  • Expand module outputs from 2 to 10: VPC IDs, subnet IDs, network ID, and PSC endpoint IPs
  • Add required_version >= 1.9.0 to both module and example
  • Remove provider version pins (these are templates, not production modules)
  • Organize variables with section comments
  • Add .claude/ and CLAUDE.md to .gitignore

Test plan

  • terraform fmt -check -recursive passes on changed files
  • terraform validate passes on the module (requires provider init)
  • Verify validation blocks reject invalid inputs (bad UUID, unsupported region, invalid CIDR)
  • Verify new outputs are accessible from the example via module.gcp_with_data_exfiltration_protection.*

…165)

Add validation blocks, expand outputs, fix descriptions, and add
required Terraform version for the GCP PSC exfiltration protection
module and its matching example.

- Add validation blocks for account ID (UUID), region (PSC-supported),
  prefix (naming pattern), hive metastore IP (IPv4), and CIDRs
- Fix psc_subnet_cidr description (was incorrectly "CIDR for Spoke VPC")
- Expand module outputs from 2 to 10 (VPC IDs, subnet IDs, PSC IPs)
- Add required_version >= 1.9.0 to both module and example
- Remove provider version pins (templates, not production modules)
- Add .claude/ and CLAUDE.md to .gitignore
- Organize variables with section comments

Co-authored-by: Isaac
micheledaddetta-databricks marked this pull request as ready for review March 26, 2026 16:33
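
A sketch of what validation blocks of the kind listed in the summary can look like, added here as an example and not taken from this PR's diff. The variable names come from the description above; the regular expressions, descriptions and error messages are assumptions.

```hcl
# Added example, not the module's own code. Patterns and messages are assumptions.
terraform {
  required_version = ">= 1.9.0"
}

variable "databricks_account_id" {
  type        = string
  description = "Databricks account ID (UUID)" # assumed wording

  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.databricks_account_id))
    error_message = "databricks_account_id must be a UUID such as 00000000-0000-0000-0000-000000000000."
  }
}

variable "hive_metastore_ip" {
  type        = string
  description = "IPv4 address of the Hive metastore" # assumed wording

  validation {
    # The regex pins the dotted-quad shape; cidrhost() then rejects octets above 255.
    condition = (
      can(regex("^[0-9]{1,3}(\\.[0-9]{1,3}){3}$", var.hive_metastore_ip)) &&
      can(cidrhost("${var.hive_metastore_ip}/32", 0))
    )
    error_message = "hive_metastore_ip must be a valid IPv4 address."
  }
}

variable "psc_subnet_cidr" {
  type = string

  validation {
    # cidrnetmask() only accepts IPv4 prefixes, so IPv6 and malformed input fail here.
    condition     = can(cidrnetmask(var.psc_subnet_cidr))
    error_message = "psc_subnet_cidr must be an IPv4 CIDR block, for example 10.0.0.0/24."
  }

  validation {
    # Require the network address itself (10.0.0.0/24, not 10.0.0.5/24) so the
    # declared range is unambiguous when the plan is reviewed.
    condition     = try(cidrhost(var.psc_subnet_cidr, 0) == split("/", var.psc_subnet_cidr)[0], false)
    error_message = "psc_subnet_cidr must be the network address of the block (no host bits set)."
  }
}
```

Running `terraform plan` with a value such as `-var 'psc_subnet_cidr=10.0.0.5/24'` fails at variable validation, before any provider call is made.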

Successfully merging this pull request may close these issues.

Add an equivalent of adb-with-private-links-exfiltration-protection to GCP