Merge remote-tracking branch 'upstream/main' into bug-269297255

Author: pratikmore0290

privateca/certificate_authority_basic/main.tf

@@ -15,52 +15,41 @@
  */
 
 # [START privateca_create_ca]
-resource "google_privateca_certificate_authority" "default" {
+resource "google_privateca_certificate_authority" "root_ca" {
   // This example assumes this pool already exists.
   // Pools cannot be deleted in normal test circumstances, so we depend on static pools
-  pool                     = "my-pool"
-  certificate_authority_id = "my-certificate-authority-hashicorp"
-  location                 = "us-central1"
-  deletion_protection      = false # set to true to prevent destruction of the resource
+  pool                                   = "my-pool"
+  certificate_authority_id               = "my-certificate-authority-root"
+  location                               = "us-central1"
+  deletion_protection                    = false # set to true to prevent destruction of the resource
+  ignore_active_certificates_on_deletion = true
   config {
     subject_config {
       subject {
-        organization = "HashiCorp"
+        organization = "ACME"
         common_name  = "my-certificate-authority"
       }
-      subject_alt_name {
-        dns_names = ["hashicorp.com"]
-      }
     }
     x509_config {
       ca_options {
-        is_ca                  = true
-        max_issuer_path_length = 10
+        # is_ca *MUST* be true for certificate authorities
+        is_ca = true
       }
       key_usage {
         base_key_usage {
-          digital_signature  = true
-          content_commitment = true
-          key_encipherment   = false
-          data_encipherment  = true
-          key_agreement      = true
-          cert_sign          = true
-          crl_sign           = true
-          decipher_only      = true
+          # cert_sign and crl_sign *MUST* be true for certificate authorities
+          cert_sign = true
+          crl_sign  = true
         }
         extended_key_usage {
-          server_auth      = true
-          client_auth      = false
-          email_protection = true
-          code_signing     = true
-          time_stamping    = true
         }
       }
     }
   }
-  lifetime = "86400s"
   key_spec {
     algorithm = "RSA_PKCS1_4096_SHA256"
   }
+  // valid for 10 years
+  lifetime = "${10 * 365 * 24 * 3600}s"
 }
 # [END privateca_create_ca]

privateca/certificate_authority_subordinate/main.tf

@@ -16,6 +16,8 @@
 
 # [START privateca_create_subordinateca]
 resource "google_privateca_certificate_authority" "root_ca" {
+  // This example assumes this pool already exists.
+  // Pools cannot be deleted in normal test circumstances, so we depend on static pools
   pool                                   = "my-pool"
   certificate_authority_id               = "my-certificate-authority-root"
   location                               = "us-central1"
@@ -24,12 +26,9 @@ resource "google_privateca_certificate_authority" "root_ca" {
   config {
     subject_config {
       subject {
-        organization = "HashiCorp"
+        organization = "ACME"
         common_name  = "my-certificate-authority"
       }
-      subject_alt_name {
-        dns_names = ["hashicorp.com"]
-      }
     }
     x509_config {
       ca_options {
@@ -43,20 +42,21 @@ resource "google_privateca_certificate_authority" "root_ca" {
           crl_sign  = true
         }
         extended_key_usage {
-          server_auth = false
         }
       }
     }
   }
   key_spec {
     algorithm = "RSA_PKCS1_4096_SHA256"
   }
+  // valid for 10 years
+  lifetime = "${10 * 365 * 24 * 3600}s"
 }
 
-resource "google_privateca_certificate_authority" "default" {
+resource "google_privateca_certificate_authority" "sub_ca" {
   // This example assumes this pool already exists.
   // Pools cannot be deleted in normal test circumstances, so we depend on static pools
-  pool                     = "my-pool"
+  pool                     = "my-sub-pool"
   certificate_authority_id = "my-certificate-authority-sub"
   location                 = "us-central1"
   deletion_protection      = false # set to true to prevent destruction of the resource
@@ -66,12 +66,9 @@ resource "google_privateca_certificate_authority" "default" {
   config {
     subject_config {
       subject {
-        organization = "HashiCorp"
+        organization = "ACME"
         common_name  = "my-subordinate-authority"
       }
-      subject_alt_name {
-        dns_names = ["hashicorp.com"]
-      }
     }
     x509_config {
       ca_options {
@@ -81,28 +78,18 @@ resource "google_privateca_certificate_authority" "default" {
       }
       key_usage {
         base_key_usage {
-          digital_signature  = true
-          content_commitment = true
-          key_encipherment   = false
-          data_encipherment  = true
-          key_agreement      = true
-          cert_sign          = true
-          crl_sign           = true
-          decipher_only      = true
+          cert_sign = true
+          crl_sign  = true
         }
         extended_key_usage {
-          server_auth      = true
-          client_auth      = false
-          email_protection = true
-          code_signing     = true
-          time_stamping    = true
         }
       }
     }
   }
-  lifetime = "86400s"
+  // valid for 5 years
+  lifetime = "${5 * 365 * 24 * 3600}s"
   key_spec {
-    algorithm = "RSA_PKCS1_4096_SHA256"
+    algorithm = "RSA_PKCS1_2048_SHA256"
   }
   type = "SUBORDINATE"
 }

vertex_ai/index_endpoint/main.tf

@@ -0,0 +1,77 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+# [START aiplatform_create_index_endpoint_sample]
+resource "google_vertex_ai_index_endpoint" "default" {
+  display_name            = "sample-endpoint"
+  description             = "A sample index endpoint with a public endpoint"
+  region                  = "us-central1"
+  public_endpoint_enabled = true
+}
+
+# Cloud Storage bucket name must be unique
+resource "random_id" "default" {
+  byte_length = 8
+}
+
+# Create a Cloud Storage bucket
+resource "google_storage_bucket" "bucket" {
+  name                        = "vertex-ai-index-bucket-${random_id.default.hex}"
+  location                    = "us-central1"
+  uniform_bucket_level_access = true
+}
+
+# Create index content
+resource "google_storage_bucket_object" "data" {
+  name    = "contents/data.json"
+  bucket  = google_storage_bucket.bucket.name
+  content = <<EOF
+{"id": "42", "embedding": [0.5, 1.0], "restricts": [{"namespace": "class", "allow": ["cat", "pet"]},{"namespace": "category", "allow": ["feline"]}]}
+{"id": "43", "embedding": [0.6, 1.0], "restricts": [{"namespace": "class", "allow": ["dog", "pet"]},{"namespace": "category", "allow": ["canine"]}]}
+EOF
+}
+
+resource "google_vertex_ai_index" "default" {
+  region       = "us-central1"
+  display_name = "sample-index-batch-update"
+  description  = "A sample index for batch update"
+  labels = {
+    foo = "bar"
+  }
+
+  metadata {
+    contents_delta_uri = "gs://${google_storage_bucket.bucket.name}/contents"
+    config {
+      dimensions                  = 2
+      approximate_neighbors_count = 150
+      distance_measure_type       = "DOT_PRODUCT_DISTANCE"
+      algorithm_config {
+        tree_ah_config {
+          leaf_node_embedding_count    = 500
+          leaf_nodes_to_search_percent = 7
+        }
+      }
+    }
+  }
+  index_update_method = "BATCH_UPDATE"
+
+  timeouts {
+    create = "2h"
+    update = "1h"
+  }
+}
+# [END aiplatform_create_index_endpoint_sample]

vertex_ai/index_endpoint_deploy/main.tf

@@ -0,0 +1,88 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+# [START aiplatform_deploy_index_endpoint_sample]
+provider "google" {
+  region = "us-central1"
+}
+
+resource "google_vertex_ai_index_endpoint_deployed_index" "default" {
+  depends_on        = [google_vertex_ai_index_endpoint.default]
+  index_endpoint    = google_vertex_ai_index_endpoint.default.id
+  index             = google_vertex_ai_index.default.id
+  deployed_index_id = "deployed_index_id"
+}
+
+resource "google_vertex_ai_index_endpoint" "default" {
+  display_name            = "sample-endpoint"
+  description             = "A sample index endpoint with a public endpoint"
+  region                  = "us-central1"
+  public_endpoint_enabled = true
+}
+
+# Cloud Storage bucket name must be unique
+resource "random_id" "default" {
+  byte_length = 8
+}
+
+# Create a Cloud Storage bucket
+resource "google_storage_bucket" "bucket" {
+  name                        = "vertex-ai-index-bucket-${random_id.default.hex}"
+  location                    = "us-central1"
+  uniform_bucket_level_access = true
+}
+
+# Create index content
+resource "google_storage_bucket_object" "data" {
+  name    = "contents/data.json"
+  bucket  = google_storage_bucket.bucket.name
+  content = <<EOF
+{"id": "42", "embedding": [0.5, 1.0], "restricts": [{"namespace": "class", "allow": ["cat", "pet"]},{"namespace": "category", "allow": ["feline"]}]}
+{"id": "43", "embedding": [0.6, 1.0], "restricts": [{"namespace": "class", "allow": ["dog", "pet"]},{"namespace": "category", "allow": ["canine"]}]}
+EOF
+}
+
+resource "google_vertex_ai_index" "default" {
+  region       = "us-central1"
+  display_name = "sample-index-batch-update"
+  description  = "A sample index for batch update"
+  labels = {
+    foo = "bar"
+  }
+
+  metadata {
+    contents_delta_uri = "gs://${google_storage_bucket.bucket.name}/contents"
+    config {
+      dimensions                  = 2
+      approximate_neighbors_count = 150
+      distance_measure_type       = "DOT_PRODUCT_DISTANCE"
+      algorithm_config {
+        tree_ah_config {
+          leaf_node_embedding_count    = 500
+          leaf_nodes_to_search_percent = 7
+        }
+      }
+    }
+  }
+  index_update_method = "BATCH_UPDATE"
+
+  timeouts {
+    create = "2h"
+    update = "1h"
+  }
+}
+# [END aiplatform_deploy_index_endpoint_sample]