removing step git reset --hard $CI_COMMIT_SHA

Author: chkp-eddiek

terraform/gcp/high-availability/README.md

@@ -117,13 +117,13 @@ project = "project-id"
 # --- Check Point Deployment ---
 prefix = "chkp-tf-ha"
 license = "BYOL"
-image_name = "check-point-r8120-gw-byol-cluster-631-991001335-v20230622"
+image_name = "check-point-r8120-gw-byol-cluster-631-991001669-v20240923"
 os_version = "R8120"
 
 # --- Instances Configuration ---
 region = "us-central1"
-zoneA = "us-central1-a"
-zoneB = "us-central1-a"
+zone_a = "us-central1-a"
+zone_b = "us-central1-a"
 machine_type = "n1-standard-4"
 disk_type = "SSD Persistent Disk"
 disk_size = 100
@@ -223,17 +223,17 @@ internal_network1_subnetwork_name = ""
 | Name          | Description   | Type          | Allowed values | Default       | Required      |
 | ------------- | ------------- | ------------- | ------------- | ------------- | ------------- |
 | service_account_path | User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored. (e.g. "service-accounts/service-account-name.json")  | string  | N/A | "" | yes |
-| project  | Personal project id. The project indicates the default GCP project all of your resources will be created in.  | string  | N/A | "" | yes |
+| project  | Personal project ID. The project indicates the default GCP project all of your resources will be created in. The project ID must be 6-30 characters long, start with a letter, and can only include lowercase letters, numbers, hyphenst and cannot end with a hyphen.  | string  | N/A | "" | yes |
 |  |  |  |  |  |
 | prefix | (Optional) Resources name prefix. | string | N/A | "chkp-tf-ha" | no |
 | license | Checkpoint license (BYOL or PAYG). | string | - BYOL <br/> - PAYG <br/> | "BYOL" | no |
-| image_name | The High Availability (cluster) image name (e.g. check-point-r8120-gw-byol-cluster-631-991001335-v20230622). You can choose the desired cluster image value from [Github](https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/ha-byol/images.py). | string | N/A | N/A | yes |
+| image_name | The High Availability (cluster) image name (e.g. check-point-r8120-gw-byol-cluster-631-991001669-v20240923). You can choose the desired cluster image value from [Github](https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/ha-byol/images.py). | string | N/A | N/A | yes |
 |  |  |  |  |  |
-| os_version |GAIA OS Version | string | R81;<br/> R8110;<br/> R8120;<br/> R82 | R8120 | yes |
+| os_version |GAIA OS Version | string | R81;<br/> R8110;<br/> R8120;<br/> R82; | R8120 | yes |
 |  |  |  |  |  |
 | region  | GCP region  | string  | N/A | "us-central1" | no |
-| zoneA  | Member A Zone. The zone determines what computing resources are available and where your data is stored and used.  | string  | N/A | "us-central1-a" | no |
-| zoneB  | Member B Zone.  | string  | N/A | "us-central1-a" | no |
+| zone_a  | Member A Zone. The zone determines what computing resources are available and where your data is stored and used.  | string  | N/A | "us-central1-a" | no |
+| zone_b  | Member B Zone.  | string  | N/A | "us-central1-a" | no |
 | machine_type | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have. | string | N/A | "n1-standard-4" | no |
 | disk_type | Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency. | string | - SSD Persistent Disk <br/>  - Standard Persistent Disk | "SSD Persistent Disk" | no |
 | disk_size | Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. | number | number between 100 and 4096 | 100 | no |
@@ -304,9 +304,7 @@ In order to check the template version refer to the [sk116585](https://supportce
 
 | Template Version | Description   |
 | ---------------- | ------------- |
-| 20241027 |  Added R82 support |
-| | | |
-| 20230910 | - R81.20 is the default version |
+| 20230910 | R81.20 is the default version. |
 | | | |
 | 20230209 | Added Smart-1 Cloud support. |
 | | | |

terraform/gcp/high-availability/locals.tf

@@ -1,25 +1,7 @@
 locals {
-  license_allowed_values = [
-    "BYOL",
-    "PAYG"]
-  // will fail if [var.license] is invalid:
-  validate_license = index(local.license_allowed_values, upper(var.license))
-
-  regex_validate_image_name = "^check-point-${lower(var.os_version)}-gw-.*[0-9]{3}-([0-9]{3,}|[a-z]+)-v[0-9]{8,}.*"
-  // will fail if the image name is not in the right syntax
-  validate_image_name = length(regexall(local.regex_validate_image_name, var.image_name)) > 0 ? 0 : index(split("-", var.image_name), "INVALID IMAGE NAME")
-
-  version_allowed_values = [
-    "R81",
-    "R8110",
-    "R8120",
-    "R82"
-  ]
-  // Will fail if var.os_version is invalid:
-  validate_os_version = index(local.version_allowed_values, var.os_version)
-
-  split_zoneA = split("-", var.zoneA)
-  split_zoneB = split("-", var.zoneB)
+
+  split_zoneA = split("-", var.zone_a)
+  split_zoneB = split("-", var.zone_b)
   // will fail if the var.zoneA and var.zoneB are not at the same region:
   validate_zones = index(local.split_zoneA, local.split_zoneB[0]) == local.split_zoneA[0] && index(local.split_zoneA, local.split_zoneB[1]) == local.split_zoneA[0] ? 0 : "var.zoneA and var.zoneB are not at the same region"
 
@@ -42,13 +24,6 @@ locals {
   // Will fail if var.disk_type is invalid
   validate_disk_type = index(local.disk_type_allowed_values, var.disk_type)
 
-  admin_shell_allowed_values = [
-    "/etc/cli.sh",
-    "/bin/bash",
-    "/bin/csh",
-    "/bin/tcsh"]
-  // Will fail if var.admin_shell is invalid
-  validate_admin_shell = index(local.admin_shell_allowed_values, var.admin_shell)
 
   // Will fail if var.cluster_network_name or var.cluster_network_subnetwork_name are empty double quotes in case of use existing network.
   validate_cluster_network = var.cluster_network_cidr == "" && var.cluster_network_name == "" ? index("error:", "using existing cluster network - cluster network name is missing") : 0
@@ -83,15 +58,10 @@ locals {
   validate_internal_network6_subnet = var.num_internal_networks >= 6 && var.internal_network6_cidr == "" && var.internal_network6_subnetwork_name == "" ? index("error:", "using existing network6 - internal network6 subnet name is missing") : 0
 
 
-  regex_valid_admin_SSH_key = "^(^$|ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3})"
-  // Will fail if var.admin_SSH_key is invalid
-  regex_admin_SSH_key = regex(local.regex_valid_admin_SSH_key, var.admin_SSH_key) == var.admin_SSH_key ? 0 : "Please enter a valid SSH public key or leave empty"
-
   regex_valid_sic_key = "^([a-z0-9A-Z]{8,30})$"
   // Will fail if var.sic_key is invalid
-  regex_sic_key = regex(local.regex_valid_sic_key, var.sic_key) == var.sic_key ? 0 : "Variable [sic_key] must be at least 8 alpha numeric characters."
-
-
+  regex_sic_key = length(regexall(local.regex_valid_sic_key, var.sic_key) )> 0  ? 0 : "Variable [sicKey] must be at least 8 alphanumeric characters."
+  index_sic_key  = index(["0"], local.regex_sic_key)
 
 
   create_cluster_network_condition = var.cluster_network_cidr == "" ? false : true

terraform/gcp/high-availability/main.tf

@@ -4,6 +4,15 @@ provider "google" {
   region = var.region
 }
 
+module "common" {
+  source = "../common/common"
+  installation_type = "Cluster"
+  os_version = var.os_version
+  image_name = var.image_name
+  admin_shell = var.admin_shell
+  license = var.license
+  admin_SSH_key = var.admin_SSH_key
+}
 resource "random_string" "random_string" {
   length = 5
   special = false
@@ -211,8 +220,8 @@ module "members_a_b" {
 
   prefix = "${var.prefix}-${random_string.random_string.result}"
   region = var.region
-  zoneA = var.zoneA
-  zoneB = var.zoneB
+  zone_a = var.zone_a
+  zone_b = var.zone_b
   machine_type = var.machine_type
   disk_size = var.disk_size
   disk_type = var.disk_type

terraform/gcp/high-availability/output.tf

@@ -4,56 +4,48 @@ output "cluster_new_created_network" {
 output "cluster_new_created_subnet" {
   value = module.cluster_network_and_subnet.new_created_subnet_name
 }
-
 output "mgmt_new_created_network" {
   value = module.mgmt_network_and_subnet.new_created_network_name
 }
 output "mgmt_new_created_subnet" {
   value = module.mgmt_network_and_subnet.new_created_subnet_name
 }
-
 output "int_network1_new_created_network" {
   value = module.internal_network1_and_subnet.new_created_network_name
 }
 output "int_network1_new_created_subnet" {
   value = module.internal_network1_and_subnet.new_created_subnet_name
 }
-
 output "int_network2_new_created_network" {
   value = module.internal_network2_and_subnet[*].new_created_network_name
 }
 output "int_network2_new_created_subnet" {
   value = module.internal_network2_and_subnet[*].new_created_subnet_name
 }
-
 output "int_network3_new_created_network" {
   value = module.internal_network3_and_subnet[*].new_created_network_name
 }
 output "int_network3_new_created_subnet" {
   value = module.internal_network3_and_subnet[*].new_created_subnet_name
 }
-
 output "int_network4_new_created_network" {
   value = module.internal_network4_and_subnet[*].new_created_network_name
 }
 output "int_network4_new_created_subnet" {
   value = module.internal_network4_and_subnet[*].new_created_subnet_name
 }
-
 output "int_network5_new_created_network" {
   value = module.internal_network5_and_subnet[*].new_created_network_name
 }
 output "int_network5_new_created_subnet" {
   value = module.internal_network5_and_subnet[*].new_created_subnet_name
 }
-
 output "int_network6_new_created_network" {
   value = module.internal_network6_and_subnet[*].new_created_network_name
 }
 output "int_network6_new_created_subnet" {
   value = module.internal_network6_and_subnet[*].new_created_subnet_name
 }
-
 output "cluster_ICMP_firewall_rule" {
   value = module.cluster_ICMP_firewall_rules[*].firewall_rule_name
 }
@@ -69,7 +61,6 @@ output "cluster_SCTP_firewall_rule" {
 output "cluster_ESP_firewall_rule" {
   value = module.cluster_ESP_firewall_rules[*].firewall_rule_name
 }
-
 output "mgmt_ICMP_firewall_rule" {
   value = module.mgmt_ICMP_firewall_rules[*].firewall_rule_name
 }
@@ -85,7 +76,6 @@ output "mgmt_SCTP_firewall_rule" {
 output "mgmt_ESP_firewall_rule" {
   value = module.mgmt_ESP_firewall_rules[*].firewall_rule_name
 }
-
 output "cluster_ip_external_address" {
   value = google_compute_address.primary_cluster_ip_ext_address.address
 }
@@ -95,23 +85,21 @@ output "admin_password" {
 output "sic_key" {
   value = var.sic_key
 }
-
 output "member_a_name" {
   value = module.members_a_b.member_a_name
 }
 output "member_a_external_ip" {
   value = module.members_a_b.member_a_external_ip
 }
 output "member_a_zone" {
-  value = var.zoneA
+  value = var.zone_a
 }
-
 output "member_b_name" {
   value = module.members_a_b.member_b_name
 }
 output "member_b_external_ip" {
   value = module.members_a_b.member_b_external_ip
 }
 output "member_b_zone" {
-  value = var.zoneB
+  value = var.zone_b
 }

terraform/gcp/high-availability/terraform.tfvars

@@ -5,13 +5,13 @@ project                               = "PLEASE ENTER PROJECT ID"
 # --- Check Point Deployment ---
 prefix                                = "PLEASE ENTER PREFIX"                         # "chkp-tf-ha"
 license                               = "PLEASE ENTER LICENSE"                        # "BYOL"
-image_name                            = "PLEASE ENTER IMAGE NAME"                     # "check-point-r8120-gw-byol-cluster-631-991001335-v20230622"
+image_name                            = "PLEASE ENTER IMAGE NAME"                     # "check-point-r8120-gw-byol-cluster-631-991001669-v20240923"
 os_version                            = "PLEASE ENTER GAIA OS VERSION"                # "R8120"
 
 # --- Instances Configuration ---
 region                                = "PLEASE ENTER REGION"                         # "us-central1"
-zoneA                                 = "PLEASE ENTER ZONE A"                         # "us-central1-a"
-zoneB                                 = "PLEASE ENTER ZONE B"                         # "us-central1-a"
+zone_a                                = "PLEASE ENTER ZONE A"                         # "us-central1-a"
+zone_b                                = "PLEASE ENTER ZONE B"                         # "us-central1-a"
 machine_type                          = "PLEASE ENTER MACHINE TYPE"                   # "n1-standard-4"
 disk_type                             = "PLEASE ENTER DISK TYPE"                      # "SSD Persistent Disk"
 disk_size                             = "PLEASE ENTER DISK SIZE"                      # 100
@@ -27,8 +27,8 @@ admin_shell                           = "PLEASE ENTER ADMIN SHELL"
 maintenance_mode_password_hash        = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 
 # --- Quick connect to Smart-1 Cloud ---
-smart_1_cloud_token_a                     = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL"  # ""
-smart_1_cloud_token_b                     = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL"  # ""
+smart_1_cloud_token_a                 = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL"  # ""
+smart_1_cloud_token_b                 = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL"  # ""
 
 # --- Networking ---
 cluster_network_cidr                  = "PLEASE ENTER CLUSTER NETWORK CIDR"           # "10.0.1.0/24"

terraform/gcp/high-availability/variables.tf

@@ -10,6 +10,10 @@ variable "project" {
   type = string
   description = "Personal project id. The project indicates the default GCP project all of your resources will be created in."
   default = ""
+  validation {
+    condition = can(regex("^[a-z][a-z0-9-]{4,28}[a-z0-9]$", var.project)) && length(var.project) >= 6 && length(var.project) <= 30
+    error_message = "The project ID must be 6-30 characters long, start with a letter, and can only include lowercase letters, numbers, hyphenst and cannot end with a hyphen."
+  }
 }
 
 # --- Check Point Deployment ---
@@ -32,20 +36,19 @@ variable "os_version" {
   description = "GAIA OS version"
   default = "R8120"
 }
-
 # --- Instances Configuration ---
 data "google_compute_regions" "available_regions" {
 }
 variable "region" {
   type = string
   default = "us-central1"
 }
-variable "zoneA" {
+variable "zone_a" {
   type = string
   description = "Member A Zone. The zone determines what computing resources are available and where your data is stored and used."
   default = "us-central1-a"
 }
-variable "zoneB" {
+variable "zone_b" {
   type = string
   description = "Member B Zone."
   default = "us-central1-a"
@@ -75,7 +78,6 @@ variable "enable_monitoring" {
   description = "Enable Stackdriver monitoring"
   default = false
 }
-
 # --- Check Point ---
 variable "management_network" {
   type = string
@@ -130,6 +132,7 @@ resource "null_resource" "validate_both_tokens" {
 resource "null_resource" "validate_different_tokens" {
   count = var.smart_1_cloud_token_a != "" && var.smart_1_cloud_token_a == var.smart_1_cloud_token_b ? "To connect to Smart-1 Cloud, you must provide two different tokens" : 0
 }
+
 # --- Networking ---
 variable "cluster_network_cidr" {
   type = string

terraform/gcp/high-availability/versions.tf

@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 3.53, < 5.0"
+    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.4"
+    }
+  }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/canonical-mp/v0.0.1"
+  }
+}