feat: Implement new Ops agent policy module (#101)

examples/ops_agent_policy_install_all/README.md

@@ -0,0 +1,22 @@
+# Ops Agent Policy Example
+
+This example illustrates how to use the `ops-agent-policy` module to install the ops agent on all VMs in a zone.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/ops_agent_policy_install_all/main.tf

@@ -0,0 +1,35 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  project = var.project_id
+}
+
+data "google_compute_regions" "available" {
+}
+
+data "google_compute_zones" "available" {
+  for_each = toset(data.google_compute_regions.available.names)
+  region   = each.value
+}
+
+module "ops_agent_policy" {
+  for_each        = toset(flatten([for zones in values(data.google_compute_zones.available) : zones.names]))
+  source          = "../../modules/ops-agent-policy"
+  assignment_id   = "ops-agent-policy-all-in-${each.key}"
+  zone            = each.key
+  instance_filter = { all = true }
+}

examples/ops_agent_policy_install_all/variables.tf

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The ID of the project in which to provision resources."
+  type        = string
+}

examples/ops_agent_policy_install_all/versions.tf

@@ -0,0 +1,26 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+  }
+}

examples/ops_agent_policy_install_all_in_region/README.md

@@ -0,0 +1,23 @@
+# Ops Agent Policy Example
+
+This example illustrates how to use the `ops-agent-policy` module to install the ops agent on all VMs in a zone.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes |
+| region | The region in which to enforce the agent to be installed/uninstalled. | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/ops_agent_policy_install_all_in_region/main.tf

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  project = var.project_id
+}
+
+data "google_compute_zones" "available" {
+  region = var.region
+}
+
+module "ops_agent_policy" {
+  for_each        = toset(data.google_compute_zones.available.names)
+  source          = "../../modules/ops-agent-policy"
+  assignment_id   = "ops-agent-policy-all-in-${each.key}"
+  zone            = each.key
+  instance_filter = { all = true }
+}

examples/ops_agent_policy_install_all_in_region/variables.tf

@@ -0,0 +1,24 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The ID of the project in which to provision resources."
+  type        = string
+}
+variable "region" {
+  description = "The region in which to enforce the agent to be installed/uninstalled."
+  type        = string
+}

examples/ops_agent_policy_install_all_in_region/versions.tf

@@ -0,0 +1,26 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+  }
+}

examples/ops_agent_policy_install_all_in_zone/README.md

@@ -0,0 +1,23 @@
+# Ops Agent Policy Example
+
+This example illustrates how to use the `ops-agent-policy` module to install the ops agent on all VMs in a zone.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes |
+| zone | The zone in which to install the ops agent. | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/ops_agent_policy_install_all_in_zone/main.tf

@@ -0,0 +1,26 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  project = var.project_id
+}
+
+module "ops_agent_policy" {
+  source          = "../../modules/ops-agent-policy"
+  assignment_id   = "ops-agent-policy-all-in-${var.zone}"
+  zone            = var.zone
+  instance_filter = { all = true }
+}

examples/ops_agent_policy_install_all_in_zone/variables.tf

@@ -0,0 +1,25 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The ID of the project in which to provision resources."
+  type        = string
+}
+
+variable "zone" {
+  description = "The zone in which to install the ops agent."
+  type        = string
+}

examples/ops_agent_policy_install_all_in_zone/versions.tf

@@ -0,0 +1,26 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+  }
+}

modules/ops-agent-policy/README.md

@@ -0,0 +1,26 @@
+# Agent Policy
+
+This module is used to install/uninstall the ops agent in GCE.
+
+## Usage
+
+Functional examples are included in the [examples](./../../examples) directory.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| agents\_rule | Whether to install or uninstall the agent, and which version to install. | `object({ package_state : string, version : string })` | <pre>{<br>  "package_state": "installed",<br>  "version": "latest"<br>}</pre> | no |
+| assignment\_id | Resource name. Unique among policy assignments in the given zone | `string` | n/a | yes |
+| instance\_filter | Filter to select VMs. Structure is documented below here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/os_config_os_policy_assignment. | <pre>object({<br>    all : optional(bool),<br>    // excludes a VM if it contains all label-value pairs for some element in the list<br>    exclusion_labels : optional(list(object({<br>      labels : map(string)<br>    })), []),<br>    // includes a VM if it contains all label-value pairs for some element in the list<br>    inclusion_labels : optional(list(object({<br>      labels : map(string)<br>    })), []),<br>    // includes a VM if its inventory data matches at least one of the following inventories<br>    inventories : optional(list(object({<br>      os_short_name : string,<br>      os_version : string<br>    })), []),<br>  })</pre> | n/a | yes |
+| project | The ID of the project in which to provision resources. If not present, uses the provider ID | `string` | `null` | no |
+| zone | The location to which policy assignments are applied to. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ops\_agent\_policy | The generated policy for installing/uninstalling the ops agent. |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->