tf-starter 1.0.0

package/tf_starter/templates/gcp/modules/lambda/main.tf.j2

@@ -0,0 +1,122 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# LAMBDA MODULE — Google Cloud Functions (2nd Gen)
+# Project: {{ project_name }}
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+locals {
+  name_prefix   = "${var.project_name}-${var.environment}"
+  function_name = "${local.name_prefix}-${var.function_name}"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# SERVICE ACCOUNT
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "google_service_account" "function" {
+  project      = var.project_id
+  account_id   = "${local.name_prefix}-fn-sa"
+  display_name = "Cloud Function SA for ${local.name_prefix}"
+}
+
+resource "google_project_iam_member" "function_invoker" {
+  project = var.project_id
+  role    = "roles/run.invoker"
+  member  = "serviceAccount:${google_service_account.function.email}"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# SOURCE BUCKET (stores function code)
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "google_storage_bucket" "function_source" {
+  name     = "${local.function_name}-source"
+  project  = var.project_id
+  location = var.region
+
+  uniform_bucket_level_access = true
+
+  versioning {
+    enabled = true
+  }
+
+  labels = var.labels
+}
+
+resource "google_storage_bucket_object" "function_zip" {
+  name   = "function-source.zip"
+  bucket = google_storage_bucket.function_source.name
+  source = data.archive_file.function_placeholder.output_path
+}
+
+data "archive_file" "function_placeholder" {
+  type        = "zip"
+  output_path = "${path.module}/placeholder.zip"
+
+  source {
+    content  = <<-EOF
+      def hello_http(request):
+          """Placeholder Cloud Function — replace with your code."""
+          return "Hello from ${local.function_name}"
+    EOF
+    filename = "main.py"
+  }
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# CLOUD FUNCTION (2nd Gen)
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "google_cloudfunctions2_function" "main" {
+  name     = local.function_name
+  project  = var.project_id
+  location = var.region
+
+  build_config {
+    runtime     = var.runtime
+    entry_point = var.entry_point
+
+    source {
+      storage_source {
+        bucket = google_storage_bucket.function_source.name
+        object = google_storage_bucket_object.function_zip.name
+      }
+    }
+  }
+
+  service_config {
+    max_instance_count    = var.max_instances
+    min_instance_count    = var.min_instances
+    available_memory      = var.memory
+    timeout_seconds       = var.timeout
+    service_account_email = google_service_account.function.email
+
+    environment_variables = merge(
+      {
+        ENVIRONMENT  = var.environment
+        PROJECT_NAME = var.project_name
+      },
+      var.environment_variables,
+    )
+  }
+
+  labels = merge(var.labels, {
+    function = var.function_name
+  })
+
+  ### MUST EDIT THIS ###
+  # Replace the placeholder source above with your real function code.
+}
+
+# Allow unauthenticated invocations (for API Gateway integration)
+resource "google_cloud_run_service_iam_member" "invoker" {
+  project  = var.project_id
+  location = var.region
+  service  = google_cloudfunctions2_function.main.service_config[0].service
+  role     = "roles/run.invoker"
+  member   = "allUsers"
+
+  ### MUST EDIT THIS ###
+  # For production, restrict to specific service accounts:
+  # member = "serviceAccount:${google_service_account.function.email}"
+}

package/tf_starter/templates/gcp/modules/lambda/outputs.tf.j2

@@ -0,0 +1,18 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# LAMBDA MODULE (Cloud Functions) — Outputs
+# ---------------------------------------------------------------------------------------------------------------------
+
+output "function_name" {
+  description = "Name of the Cloud Function"
+  value       = google_cloudfunctions2_function.main.name
+}
+
+output "function_uri" {
+  description = "HTTPS URI of the Cloud Function"
+  value       = google_cloudfunctions2_function.main.service_config[0].uri
+}
+
+output "service_account_email" {
+  description = "Service account email used by the function"
+  value       = google_service_account.function.email
+}

package/tf_starter/templates/gcp/modules/lambda/variables.tf.j2

@@ -0,0 +1,77 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# LAMBDA MODULE (Cloud Functions) — Variables
+# ---------------------------------------------------------------------------------------------------------------------
+
+variable "project_name" {
+  description = "Name of the project"
+  type        = string
+}
+
+variable "environment" {
+  description = "Deployment environment"
+  type        = string
+}
+
+variable "project_id" {
+  description = "GCP project ID"
+  type        = string
+}
+
+variable "region" {
+  description = "GCP region"
+  type        = string
+}
+
+variable "function_name" {
+  description = "Short name for the function"
+  type        = string
+  default     = "app"
+}
+
+variable "runtime" {
+  description = "Cloud Function runtime"
+  type        = string
+  default     = "python312"
+}
+
+variable "entry_point" {
+  description = "Function entry point"
+  type        = string
+  default     = "hello_http"
+}
+
+variable "timeout" {
+  description = "Function timeout in seconds"
+  type        = number
+  default     = 60
+}
+
+variable "memory" {
+  description = "Available memory (e.g., 256M, 512M, 1Gi)"
+  type        = string
+  default     = "256M"
+}
+
+variable "max_instances" {
+  description = "Maximum concurrent instances"
+  type        = number
+  default     = 100
+}
+
+variable "min_instances" {
+  description = "Minimum instances (0 for scale-to-zero)"
+  type        = number
+  default     = 0
+}
+
+variable "environment_variables" {
+  description = "Additional environment variables"
+  type        = map(string)
+  default     = {}
+}
+
+variable "labels" {
+  description = "Resource labels"
+  type        = map(string)
+  default     = {}
+}

package/tf_starter/templates/gcp/modules/messaging/main.tf.j2

@@ -0,0 +1,44 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# MESSAGING MODULE — Pub/Sub
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+locals {
+  name_prefix = "${var.project_name}-${var.environment}"
+}
+
+resource "google_pubsub_topic" "main" {
+  name    = "${local.name_prefix}-topic"
+  project = var.project_id
+
+  message_retention_duration = var.message_retention_duration
+
+  labels = var.labels
+}
+
+resource "google_pubsub_subscription" "main" {
+  name    = "${local.name_prefix}-subscription"
+  project = var.project_id
+  topic   = google_pubsub_topic.main.id
+
+  ack_deadline_seconds       = var.ack_deadline_seconds
+  message_retention_duration = var.message_retention_duration
+
+  retry_policy {
+    minimum_backoff = "10s"
+    maximum_backoff = "600s"
+  }
+
+  dead_letter_policy {
+    dead_letter_topic     = google_pubsub_topic.dead_letter.id
+    max_delivery_attempts = 5
+  }
+
+  labels = var.labels
+}
+
+resource "google_pubsub_topic" "dead_letter" {
+  name    = "${local.name_prefix}-dlq"
+  project = var.project_id
+  labels  = var.labels
+}

package/tf_starter/templates/gcp/modules/messaging/outputs.tf.j2

@@ -0,0 +1,13 @@
+# MESSAGING MODULE — Outputs (GCP)
+
+output "topic_id" {
+  value = google_pubsub_topic.main.id
+}
+
+output "topic_name" {
+  value = google_pubsub_topic.main.name
+}
+
+output "subscription_id" {
+  value = google_pubsub_subscription.main.id
+}

package/tf_starter/templates/gcp/modules/messaging/variables.tf.j2

@@ -0,0 +1,20 @@
+# MESSAGING MODULE — Variables (GCP)
+
+variable "project_name" { type = string }
+variable "environment" { type = string }
+variable "project_id" { type = string }
+
+variable "message_retention_duration" {
+  type    = string
+  default = "604800s"
+}
+
+variable "ack_deadline_seconds" {
+  type    = number
+  default = 20
+}
+
+variable "labels" {
+  type    = map(string)
+  default = {}
+}

package/tf_starter/templates/gcp/modules/monitoring/main.tf.j2

@@ -0,0 +1,44 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# MONITORING MODULE — Cloud Monitoring
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+locals {
+  name_prefix = "${var.project_name}-${var.environment}"
+}
+
+resource "google_monitoring_notification_channel" "email" {
+  count        = var.notification_email != "" ? 1 : 0
+  display_name = "${local.name_prefix}-email"
+  project      = var.project_id
+  type         = "email"
+
+  labels = {
+    email_address = var.notification_email
+  }
+}
+
+resource "google_monitoring_alert_policy" "cpu_high" {
+  display_name = "${local.name_prefix}-cpu-high"
+  project      = var.project_id
+  combiner     = "OR"
+
+  conditions {
+    display_name = "CPU utilization > 80%"
+    condition_threshold {
+      filter          = "metric.type=\"compute.googleapis.com/instance/cpu/utilization\" AND resource.type=\"gce_instance\""
+      comparison      = "COMPARISON_GT"
+      threshold_value = 0.8
+      duration        = "300s"
+
+      aggregations {
+        alignment_period   = "60s"
+        per_series_aligner = "ALIGN_MEAN"
+      }
+    }
+  }
+
+  notification_channels = var.notification_email != "" ? [google_monitoring_notification_channel.email[0].id] : []
+
+  user_labels = var.labels
+}

package/tf_starter/templates/gcp/modules/monitoring/outputs.tf.j2

@@ -0,0 +1,9 @@
+# MONITORING MODULE — Outputs (GCP)
+
+output "notification_channel_id" {
+  value = length(google_monitoring_notification_channel.email) > 0 ? google_monitoring_notification_channel.email[0].id : ""
+}
+
+output "alert_policy_id" {
+  value = google_monitoring_alert_policy.cpu_high.id
+}

package/tf_starter/templates/gcp/modules/monitoring/variables.tf.j2

@@ -0,0 +1,13 @@
+# MONITORING MODULE — Variables (GCP)
+
+variable "project_name" { type = string }
+variable "environment" { type = string }
+variable "project_id" { type = string }
+variable "notification_email" {
+  type    = string
+  default = ""
+}
+variable "labels" {
+  type    = map(string)
+  default = {}
+}

package/tf_starter/templates/gcp/modules/network/main.tf.j2

@@ -0,0 +1,103 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# NETWORK MODULE — VPC, Subnets, Cloud NAT, Cloud Router
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+locals {
+  name_prefix = "${var.project_name}-${var.environment}"
+}
+
+resource "google_compute_network" "main" {
+  name                    = "${local.name_prefix}-vpc"
+  project                 = var.project_id
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "public" {
+  name          = "${local.name_prefix}-public"
+  project       = var.project_id
+  region        = var.region
+  network       = google_compute_network.main.id
+  ip_cidr_range = "10.0.1.0/24"
+}
+
+resource "google_compute_subnetwork" "private" {
+  name                     = "${local.name_prefix}-private"
+  project                  = var.project_id
+  region                   = var.region
+  network                  = google_compute_network.main.id
+  ip_cidr_range            = "10.0.10.0/24"
+  private_ip_google_access = true
+}
+
+resource "google_compute_router" "main" {
+  name    = "${local.name_prefix}-router"
+  project = var.project_id
+  region  = var.region
+  network = google_compute_network.main.id
+}
+
+resource "google_compute_router_nat" "main" {
+  name                               = "${local.name_prefix}-nat"
+  project                            = var.project_id
+  region                             = var.region
+  router                             = google_compute_router.main.name
+  nat_ip_allocate_option             = "AUTO_ONLY"
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+
+  log_config {
+    enable = true
+    filter = "ERRORS_ONLY"
+  }
+}
+
+resource "google_compute_global_address" "private_ip" {
+  name          = "${local.name_prefix}-private-ip"
+  project       = var.project_id
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.main.id
+}
+
+resource "google_service_networking_connection" "private" {
+  network                 = google_compute_network.main.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.private_ip.name]
+}
+
+resource "google_compute_firewall" "allow_internal" {
+  name    = "${local.name_prefix}-allow-internal"
+  project = var.project_id
+  network = google_compute_network.main.name
+
+  allow {
+    protocol = "tcp"
+    ports    = ["0-65535"]
+  }
+
+  allow {
+    protocol = "udp"
+    ports    = ["0-65535"]
+  }
+
+  allow {
+    protocol = "icmp"
+  }
+
+  source_ranges = ["10.0.0.0/8"]
+}
+
+resource "google_compute_firewall" "allow_http" {
+  name    = "${local.name_prefix}-allow-http"
+  project = var.project_id
+  network = google_compute_network.main.name
+
+  allow {
+    protocol = "tcp"
+    ports    = ["80", "443"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = ["http-server"]
+}

package/tf_starter/templates/gcp/modules/network/outputs.tf.j2

@@ -0,0 +1,21 @@
+# NETWORK MODULE — Outputs (GCP)
+
+output "network_self_link" {
+  value = google_compute_network.main.self_link
+}
+
+output "network_name" {
+  value = google_compute_network.main.name
+}
+
+output "public_subnet_self_link" {
+  value = google_compute_subnetwork.public.self_link
+}
+
+output "private_subnet_self_link" {
+  value = google_compute_subnetwork.private.self_link
+}
+
+output "private_ip_range_name" {
+  value = google_compute_global_address.private_ip.name
+}

package/tf_starter/templates/gcp/modules/network/variables.tf.j2

@@ -0,0 +1,22 @@
+# NETWORK MODULE — Variables (GCP)
+
+variable "project_name" {
+  type = string
+}
+
+variable "environment" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
+
+variable "project_id" {
+  type = string
+}
+
+variable "labels" {
+  type    = map(string)
+  default = {}
+}

package/tf_starter/templates/gcp/modules/storage/main.tf.j2

@@ -0,0 +1,47 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# STORAGE MODULE — GCS
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+locals {
+  name_prefix = "${var.project_name}-${var.environment}"
+}
+
+resource "random_id" "bucket_suffix" {
+  byte_length = 4
+}
+
+resource "google_storage_bucket" "main" {
+  name     = "${local.name_prefix}-storage-${random_id.bucket_suffix.hex}"
+  project  = var.project_id
+  location = var.region
+
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+
+  versioning {
+    enabled = var.enable_versioning
+  }
+
+  lifecycle_rule {
+    action {
+      type          = "SetStorageClass"
+      storage_class = "NEARLINE"
+    }
+    condition {
+      age = 90
+    }
+  }
+
+  lifecycle_rule {
+    action {
+      type          = "SetStorageClass"
+      storage_class = "COLDLINE"
+    }
+    condition {
+      age = 180
+    }
+  }
+
+  labels = var.labels
+}

package/tf_starter/templates/gcp/modules/storage/outputs.tf.j2

@@ -0,0 +1,13 @@
+# STORAGE MODULE — Outputs (GCP)
+
+output "bucket_name" {
+  value = google_storage_bucket.main.name
+}
+
+output "bucket_url" {
+  value = google_storage_bucket.main.url
+}
+
+output "bucket_self_link" {
+  value = google_storage_bucket.main.self_link
+}

package/tf_starter/templates/gcp/modules/storage/variables.tf.j2

@@ -0,0 +1,16 @@
+# STORAGE MODULE — Variables (GCP)
+
+variable "project_name" { type = string }
+variable "environment" { type = string }
+variable "project_id" { type = string }
+variable "region" { type = string }
+
+variable "enable_versioning" {
+  type    = bool
+  default = true
+}
+
+variable "labels" {
+  type    = map(string)
+  default = {}
+}

package/tf_starter/templates/gcp/root/backend.tf.j2

@@ -0,0 +1,12 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# REMOTE BACKEND — GCS
+# Generated by tf-starter
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  backend "gcs" {
+    ### MUST EDIT THIS ###
+    bucket = "{{ project_name }}-terraform-state"
+    prefix = "{{ project_name }}/terraform.tfstate"
+  }
+}