fix: Documentation language inconsistencies, typos and tests (#419)
* fix: Documentation language inconsistencies and typos

- Fix documentation language inconsistencies and typos
- Remove double IntelliJ IDEA files mention in `.gitignore`

* Fix typos

* Remove extra '.idea' mentions

* Fix license header

* Pin terraform-google-lb-internal module version to 2.4.0, add missing health check logging toggle attribute

* Fix module name
vovinacci committed Apr 14, 2021
1 parent 1fad10b commit 71b633f
Showing 26 changed files with 48 additions and 58 deletions.
3 changes: 0 additions & 3 deletions .gitignore
@@ -19,9 +19,6 @@
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
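Review bot: this hunk removes the only `.idea/` entry visible in the shown context, so the commit message's claim that it is a duplicate cannot be verified from the diff alone; confirm that the other `.idea/` line further down the file survives, since the IDE workspace directory should stay untracked. The same check applies to the identical hunks in the 0-bootstrap, 1-org, 2-environments, 3-networks and 4-projects `.gitignore` files.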
3 changes: 0 additions & 3 deletions 0-bootstrap/.gitignore
@@ -19,9 +19,6 @@
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
2 changes: 1 addition & 1 deletion 0-bootstrap/README-Jenkins.md
@@ -105,7 +105,7 @@ You arrived to these instructions because you are using the `jenkins_bootstrap`

1. Clone this mono-repository with `git clone https://github.com/terraform-google-modules/terraform-example-foundation`
1. Clone the repository you created to host the `0-bootstrap` directory with `git clone <YOUR_NEW_REPO-0-bootstrap>`
1. Navigate into the freshly cloned repo `cd <YOUR_NEW_REPO-0-bootstrap>` and change to a non master branch `git checkout -b my-0-bootstrap`
1. Navigate into the freshly cloned repo `cd <YOUR_NEW_REPO-0-bootstrap>` and change to a non-master branch `git checkout -b my-0-bootstrap`
1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/0-bootstrap/ .` (modify accordingly based on your current directory).
1. Activate the Jenkins module and disable the Cloud Build module. This implies manually editing the following files:
1. Comment-out the `cloudbuild_bootstrap` module in `./main.tf`
3 changes: 0 additions & 3 deletions 1-org/.gitignore
@@ -19,9 +19,6 @@
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
12 changes: 6 additions & 6 deletions 1-org/README.md
@@ -39,8 +39,8 @@ If those limitations do not apply to your workload/environment you can choose to
1. Copy cloud build configuration files for terraform `cp ../terraform-example-foundation/build/cloudbuild-tf-* . ` (modify accordingly based on your current directory).
1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory).
1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`.
1. Check if your organization already has a Access Context Manager Policy `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`.
1. Rename `./envs/shared/terraform.example.tfvars` to `./envs/shared/terraform.tfvars` and update the file with values from your environment and bootstrap step (you can re-run `terraform output` in the 0-bootstrap directory to find these values). Make sure that `default_region` is set to a valid [BigQuery dataset region](https://cloud.google.com/bigquery/docs/locations). Also if the previous step showed a numeric value, make sure to un-comment the variable `create_access_context_manager_access_policy = false`. See the shared folder [README.md](./envs/shared/README.md) for additional information on the values in the `terraform.tfvars` file.
1. Check if your organization already has an Access Context Manager Policy `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`.
1. Rename `./envs/shared/terraform.example.tfvars` to `./envs/shared/terraform.tfvars` and update the file with values from your environment and bootstrap step (you can re-run `terraform output` in the 0-bootstrap directory to find these values). Make sure that `default_region` is set to a valid [BigQuery dataset region](https://cloud.google.com/bigquery/docs/locations). Also, if the previous step showed a numeric value, make sure to un-comment the variable `create_access_context_manager_access_policy = false`. See the shared folder [README.md](./envs/shared/README.md) for additional information on the values in the `terraform.tfvars` file.
1. Commit changes with `git add .` and `git commit -m 'Your message'`.
1. Push your plan branch to trigger a plan `git push --set-upstream origin plan` (the branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan).
1. Review the plan output in your cloud build project https://console.cloud.google.com/cloud-build/builds?project=YOUR_CLOUD_BUILD_PROJECT_ID
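Review bot: the unchanged context line "Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan" is still ungrammatical; since this commit is the language sweep, change it to "Any branch whose name differs from `development`, `non-production` or `production` triggers a terraform plan" here and in the same sentence in the Jenkins section of this file.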
@@ -62,8 +62,8 @@ If those limitations do not apply to your workload/environment you can choose to
```
1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory).
1. Ensure wrapper script can be executed `chmod 755 ./tf-wrapper.sh`.
1. Check if your organization already has a Access Context Manager Policy `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`.
1. Rename `./envs/shared/terraform.example.tfvars` to `./envs/shared/terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values). Make sure that `default_region` is set to a valid [BigQuery dataset region](https://cloud.google.com/bigquery/docs/locations). Also if the previous step showed a numeric value, make sure to un-comment the variable `create_access_context_manager_access_policy = false`. See the shared folder [README.md](./envs/shared/README.md) for additional information on the values in the `terraform.tfvars` file.
1. Check if your organization already has an Access Context Manager Policy `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`.
1. Rename `./envs/shared/terraform.example.tfvars` to `./envs/shared/terraform.tfvars` and update the file with values from your environment and bootstrap (you can re-run `terraform output` in the 0-bootstrap directory to find these values). Make sure that `default_region` is set to a valid [BigQuery dataset region](https://cloud.google.com/bigquery/docs/locations). Also, if the previous step showed a numeric value, make sure to un-comment the variable `create_access_context_manager_access_policy = false`. See the shared folder [README.md](./envs/shared/README.md) for additional information on the values in the `terraform.tfvars` file.
1. Commit changes with `git add .` and `git commit -m 'Your message'`
1. Push your plan branch `git push --set-upstream origin plan`. The branch `plan` is not a special one. Any branch which name is different from `development`, `non-production` or `production` will trigger a terraform plan.
- Assuming you configured an automatic trigger in your Jenkins Master (see [Jenkins sub-module README](../0-bootstrap/modules/jenkins-agent)), this will trigger a plan. You can also trigger a Jenkins job manually. Given the many options to do this in Jenkins, it is out of the scope of this document see [Jenkins website](http://www.jenkins.io) for more details.
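Review bot: the last context line runs two sentences together, "it is out of the scope of this document see [Jenkins website]"; a full stop before "see" is needed. While here, `http://www.jenkins.io` could become `https://` for consistency with the `https://` change this same commit makes to the license URL in gw.yaml.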
@@ -82,12 +82,12 @@ If those limitations do not apply to your workload/environment you can choose to
1. Rename terraform.example.tfvars to terraform.tfvars and update the file with values from your environment and bootstrap.
1. Update backend.tf with your bucket from bootstrap. You can run
```for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME/<YOUR-BUCKET-NAME>/' $i; done```.
You can run `terraform output gcs_bucket_tfstate` in the 0-bootstap folder to obtain the bucket name.
You can run `terraform output gcs_bucket_tfstate` in the 0-bootstrap folder to obtain the bucket name.

We will now deploy our environment (production) using this script.
When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 1-org step and only the corresponding environment is applied.

To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in you `PATH`.
To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in your `PATH`.

1. Run `./tf-wrapper.sh init production`.
1. Run `./tf-wrapper.sh plan production` and review output.
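Review bot: the unchanged context line "each environment corresponds to a branch is the repository for 1-org step" has "is" where "in" is meant (the equivalent sentence in 3-networks/README.md already reads "a branch in the repository"); worth fixing in the same typo pass. The identical sentence also appears in 2-environments/README.md.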
3 changes: 0 additions & 3 deletions 2-environments/.gitignore
@@ -19,9 +19,6 @@
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
6 changes: 3 additions & 3 deletions 2-environments/README.md
@@ -14,7 +14,7 @@ The purpose of this step is to set up development, non-production and production
### Setup to run via Cloud Build

1. Clone repo `gcloud source repos clone gcp-environments --project=YOUR_CLOUD_BUILD_PROJECT_ID`.
1. Navigate into the repo `cd gcp-environments` and change to non master branch `git checkout -b plan`.
1. Navigate into the repo `cd gcp-environments` and change to non-master branch `git checkout -b plan`.
1. Copy contents of foundation to new repo `cp -RT ../terraform-example-foundation/2-environments/ .` (modify accordingly based on your current directory).
1. Copy cloud build configuration files for terraform `cp ../terraform-example-foundation/build/cloudbuild-tf-* . ` (modify accordingly based on your current directory).
1. Copy terraform wrapper script `cp ../terraform-example-foundation/build/tf-wrapper.sh . ` to the root of your new repository (modify accordingly based on your current directory).
@@ -66,12 +66,12 @@ The purpose of this step is to set up development, non-production and production
1. Rename terraform.example.tfvars to terraform.tfvars and update the file with values from your environment and bootstrap. See any of the envs folder [README.md](./envs/production/README.md) files for additional information on the values in the `terraform.tfvars` file.
1. Update backend.tf with your bucket from bootstrap. You can run
```for i in `find -name 'backend.tf'`; do sed -i 's/UPDATE_ME/<YOUR-BUCKET-NAME>/' $i; done```.
You can run `terraform output gcs_bucket_tfstate` in the 0-bootstap folder to obtain the bucket name.
You can run `terraform output gcs_bucket_tfstate` in the 0-bootstrap folder to obtain the bucket name.

We will now deploy each of our environments(development/production/non-production) using this script.
When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 2-environments step and only the corresponding environment is applied.

To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in you `PATH`.
To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in your `PATH`.

1. Run `./tf-wrapper.sh init development`.
1. Run `./tf-wrapper.sh plan development` and review output.
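Review bot: style point on the unchanged backend.tf loop: `$i` is unquoted in `sed -i 's/UPDATE_ME/<YOUR-BUCKET-NAME>/' $i`, and `find` is given no start directory (GNU find defaults to `.`, other implementations require the path); `find . -name 'backend.tf'` with `"$i"` is the portable form. The same line appears in 1-org/README.md. Also, "environments(development/production/non-production)" on the context line is missing the space before the parenthesis.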
3 changes: 0 additions & 3 deletions 3-networks/.gitignore
@@ -19,9 +19,6 @@
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories
2 changes: 1 addition & 1 deletion 3-networks/README.md
@@ -123,7 +123,7 @@ We will now deploy each of our environments(development/production/non-productio
When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch in the repository for 3-networks step
and only the corresponding environment is applied.

To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in you `PATH`.
To use the `validate` option of the `tf-wrapper.sh` script, the latest version of `terraform-validator` must be [installed](https://github.com/forseti-security/policy-library/blob/master/docs/user_guide.md#how-to-use-terraform-validator) in your system and in your `PATH`.

1. Run `./tf-wrapper.sh init shared`.
1. Run `./tf-wrapper.sh plan shared` and review output.
2 changes: 1 addition & 1 deletion 3-networks/envs/shared/README.md
@@ -44,7 +44,7 @@ The purpose of this step is to set up the global [DNS Hub](https://cloud.google.
| restricted\_hub\_nat\_num\_addresses\_region2 | Number of external IPs to reserve for second Cloud NAT in Restricted Hub. | `number` | `2` | no |
| restricted\_hub\_optional\_fw\_rules\_enabled | Toggle creation of optional firewall rules: IAP SSH, IAP RDP and Internal & Global load balancing health check and load balancing IP ranges in Restricted Hub VPC. | `bool` | `false` | no |
| restricted\_hub\_windows\_activation\_enabled | Enable Windows license activation for Windows workloads in Restricted Hub. | `bool` | `false` | no |
| subnetworks\_enable\_logging | Toggle subnetworks flow logging for VPC Subnetwoks. | `bool` | `true` | no |
| subnetworks\_enable\_logging | Toggle subnetworks flow logging for VPC Subnetworks. | `bool` | `true` | no |
| target\_name\_server\_addresses | List of target name servers for forwarding zone. | `list(string)` | n/a | yes |
| terraform\_service\_account | Service account email of the account to impersonate to run Terraform. | `string` | n/a | yes |

2 changes: 1 addition & 1 deletion 3-networks/envs/shared/variables.tf
@@ -59,7 +59,7 @@ variable "dns_enable_logging" {

variable "subnetworks_enable_logging" {
type = bool
description = "Toggle subnetworks flow logging for VPC Subnetwoks."
description = "Toggle subnetworks flow logging for VPC Subnetworks."
default = true
}

2 changes: 1 addition & 1 deletion 3-networks/modules/base_shared_vpc/README.md
@@ -14,7 +14,7 @@
| environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization. | `string` | n/a | yes |
| firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls. | `bool` | `true` | no |
| folder\_prefix | Name prefix to use for folders created. | `string` | `"fldr"` | no |
| mode | Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture choosen, keep as `null` otherwise. | `string` | `null` | no |
| mode | Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture chosen, keep as `null` otherwise. | `string` | `null` | no |
| nat\_bgp\_asn | BGP ASN for first NAT cloud routes. | `number` | `0` | no |
| nat\_enabled | Toggle creation of NAT cloud router. | `bool` | `false` | no |
| nat\_num\_addresses | Number of external IPs to reserve for Cloud NAT. | `number` | `2` | no |
2 changes: 1 addition & 1 deletion 3-networks/modules/base_shared_vpc/variables.tf
@@ -26,7 +26,7 @@ variable "project_id" {

variable "mode" {
type = string
description = "Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture choosen, keep as `null` otherwise."
description = "Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture chosen, keep as `null` otherwise."
default = null
}
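Review bot: the description documents a constraint (`hub`, `spoke` or `null`) that the variable itself does not enforce; while this line is being touched, a `validation` block would turn a typo such as `hubs` into a plan-time error instead of a silently unexpected topology, e.g. `condition = var.mode == null ? true : contains(["hub", "spoke"], var.mode)` with a matching `error_message`. The same applies to the `mode` variable in restricted_shared_vpc/variables.tf changed below.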

@@ -20,7 +20,7 @@ variable "name" {
}

variable "parent" {
description = "Where the firwall policy will be created (can be organizations/{organization_id} or folders/{folder_id})"
description = "Where the firewall policy will be created (can be organizations/{organization_id} or folders/{folder_id})"
type = string
}

2 changes: 1 addition & 1 deletion 3-networks/modules/restricted_shared_vpc/README.md
@@ -16,7 +16,7 @@
| firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls. | `bool` | `true` | no |
| folder\_prefix | Name prefix to use for folders created. | `string` | `"fldr"` | no |
| members | An allowed list of members (users, service accounts). The signed-in identity originating the request must be a part of one of the provided members. If not specified, a request may come from any user (logged in/not logged in, etc.). Formats: user:{emailid}, serviceAccount:{emailid} | `list(string)` | n/a | yes |
| mode | Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture choosen, keep as `null` otherwise. | `string` | `null` | no |
| mode | Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture chosen, keep as `null` otherwise. | `string` | `null` | no |
| nat\_bgp\_asn | BGP ASN for NAT cloud routes. If NAT is enabled this variable value must be a value in ranges [64512..65534] or [4200000000..4294967294]. | `number` | `64512` | no |
| nat\_enabled | Toggle creation of NAT cloud router. | `bool` | `false` | no |
| nat\_num\_addresses\_region1 | Number of external IPs to reserve for region 1 Cloud NAT. | `number` | `2` | no |
2 changes: 1 addition & 1 deletion 3-networks/modules/restricted_shared_vpc/variables.tf
@@ -36,7 +36,7 @@ variable "project_number" {

variable "mode" {
type = string
description = "Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture choosen, keep as `null` otherwise."
description = "Network deployment mode, should be set to `hub` or `spoke` when `enable_hub_and_spoke` architecture chosen, keep as `null` otherwise."
default = null
}

3 changes: 2 additions & 1 deletion 3-networks/modules/transitivity/README.md
@@ -1,6 +1,6 @@
# Hub & Spoke Transitivity module

This module implementes transitivity for hub & spoke VPC architectures using appliance VMs behind an
This module implements transitivity for hub & spoke VPC architectures using appliance VMs behind an
Internal Load Balancer used as next-hop for routes.

## Usage
@@ -15,6 +15,7 @@ For example usage, please check the the [net-hubs-transitivity.tf](../../envs/sh
| commands | Commands for the transitivity gateway to run on every boot. | `list(string)` | `[]` | no |
| firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls. | `bool` | `true` | no |
| gw\_subnets | Subnets in {REGION => SUBNET} format. | `map(string)` | n/a | yes |
| health\_check\_enable\_log | Toggle logging for health checks. | `bool` | `false` | no |
| project\_id | VPC Project ID | `string` | n/a | yes |
| regional\_aggregates | Aggregate ranges for each region in {REGION => [AGGREGATE\_CIDR,] } format. | `map(list(string))` | n/a | yes |
| regions | Regions to deploy the transitivity appliances | `set(string)` | `null` | no |
4 changes: 2 additions & 2 deletions 3-networks/modules/transitivity/assets/gw.yaml
@@ -1,12 +1,12 @@
#cloud-config

# Copyright 2020 Google LLC
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
5 changes: 3 additions & 2 deletions 3-networks/modules/transitivity/main.tf
@@ -75,8 +75,8 @@ module "migs" {
}

module "ilbs" {
source = "github.com/terraform-google-modules/terraform-google-lb-internal"
#version = "~> 2.2"
source = "GoogleCloudPlatform/lb-internal/google"
version = "~> 2.4.0"
for_each = toset(var.regions)
region = each.key
name = each.key
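Review bot: good supply-chain change. The old `github.com/terraform-google-modules/terraform-google-lb-internal` source carried no `ref`, so every `terraform init` fetched whatever the default branch held at that moment, and the commented `#version` line shows the constraint had been disabled entirely; the registry source with an explicit `version` makes the fetched module reproducible within the constraint. One caveat against the commit message: `~> 2.4.0` is a pessimistic constraint that still accepts 2.4.1, 2.4.2 and later patch releases, so this is "pin to 2.4.x", not "pin to 2.4.0"; use `version = "2.4.0"` if an exact pin is intended.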
@@ -107,6 +107,7 @@ module "ilbs" {
request = null
request_path = null
host = null
enable_log = var.health_check_enable_log
}
project = var.project_id
}
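Review bot: the new `enable_log` argument in the health check block relies on the module version bump in the preceding hunk (the commit message notes the attribute was missing before); if that hunk is ever reverted on its own, this line fails at plan time with an unsupported-argument error, so the two changes must stay in one commit, as they are here.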
6 changes: 6 additions & 0 deletions 3-networks/modules/transitivity/variables.tf
@@ -51,3 +51,9 @@ variable "firewall_enable_logging" {
description = "Toggle firewall logging for VPC Firewalls."
default = true
}

variable "health_check_enable_log" {
type = bool
description = "Toggle logging for health checks."
default = false
}
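Review bot: `default = false` leaves health-check logging off unless callers opt in, the opposite of `firewall_enable_logging` just above it (`default = true`); since health-check logs are the first thing to consult when the ILB next-hop starts marking an appliance unhealthy, consider defaulting this to `true` as well, or at least state in the description that it is off by default.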
2 changes: 1 addition & 1 deletion 3-networks/modules/vpn-ha/README.md
@@ -1,6 +1,6 @@
# High Availability VPN module

This module implementes the recomendation proposed in
This module implements the recommendation proposed in
[High Availability VPN](https://cloud.google.com/network-connectivity/docs/vpn/concepts/topologies#overview).

If you are not able to use Dedicated Interconnect or Partner Interconnect you can also use an High Availability Cloud VPN to connect the On-Prem to your Google Organization.
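Review bot: the unchanged context line still reads "use an High Availability Cloud VPN"; it should be "a High Availability Cloud VPN", and "the On-Prem" reads better as "your on-premises network". This is the typo sweep, so fix it here.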
3 changes: 0 additions & 3 deletions 4-projects/.gitignore
@@ -19,9 +19,6 @@
Session.vim
.netrwhist

# IntelliJ IDEA files:
.idea/

### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore

# Local .terraform directories