Alloydb Service

inputs/gcp/alloyDB/Google_alloydb_cluster/automated_backup_policy/c.tf

@@ -0,0 +1,21 @@
+resource "google_alloydb_cluster" "c" {
+  cluster_id = "c"
+  location   = "us-central1"
+  project = "123"
+
+  network_config {
+    network = "projects/pde-demo/global/networks/prod-vpc"
+  }
+
+  initial_user {
+    user     = "admin"
+    password = "StrongPassw0rd!"
+  }
+
+  automated_backup_policy {
+    location = "us"
+    time_based_retention {
+      retention_period = "604800s" # 7 days
+    }
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/automated_backup_policy/config.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}

inputs/gcp/alloyDB/Google_alloydb_cluster/automated_backup_policy/nc.tf

@@ -0,0 +1,22 @@
+resource "google_alloydb_cluster" "nc" {
+  cluster_id = "nc"
+  location   = "us-central1"
+  project = "123"
+
+  network_config {
+    network = "projects/pde-demo/global/networks/default"
+  }
+
+  initial_user {
+    user     = "admin"
+    password = "weak-pass"
+  }
+
+  # Non-compliant: retention too low (1 day)
+  automated_backup_policy {
+    location = "us"
+    time_based_retention {
+      retention_period = "86400s"
+    }
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/continuous_backup_config/c.tf

@@ -0,0 +1,16 @@
+resource "google_alloydb_cluster" "c" {
+  cluster_id = "c1"
+  location   = "us-central1"
+  project = "123"
+
+  network_config {
+    network = "projects/p/global/networks/prod-vpc"
+  }
+
+  continuous_backup_config {
+    enabled = true
+    encryption_config {
+      kms_key_name = "projects/p/locations/us-central1/keyRings/kr/cryptoKeys/key"
+    }
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/continuous_backup_config/config.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}

inputs/gcp/alloyDB/Google_alloydb_cluster/continuous_backup_config/nc.tf

@@ -0,0 +1,14 @@
+resource "google_alloydb_cluster" "nc" {
+  location   = "us-central1"
+  cluster_id = "cluster-cbk-off"
+  project = "123"
+
+  network_config {
+    network = "projects/pde-demo/global/networks/default"
+  }
+
+  continuous_backup_config {
+    enabled = false
+    # encryption_config block omitted to trigger CMEK violation
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/deletion_policy/c.tf

@@ -0,0 +1,16 @@
+resource "google_alloydb_cluster" "c" {
+  cluster_id = "secure-cluster"
+  location   = "us-central1"
+  project = "123"
+
+  network_config {
+    network = "projects/pde-demo/global/networks/default"
+  }
+
+  deletion_policy = "RETAIN"
+
+  initial_user {
+    user     = "admin"
+    password = "secure-password"
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/deletion_policy/config.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}

inputs/gcp/alloyDB/Google_alloydb_cluster/deletion_policy/nc.tf

@@ -0,0 +1,16 @@
+resource "google_alloydb_cluster" "nc" {
+  cluster_id = "dangerous-cluster"
+  location   = "us-central1"
+  project = "123"
+
+  network_config {
+    network = "projects/pde-demo/global/networks/default"
+  }
+
+  deletion_policy = "DESTROY"
+
+  initial_user {
+    user     = "admin"
+    password = "weak-password"
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/network_config/c.tf

@@ -0,0 +1,8 @@
+resource "google_alloydb_instance" "c" {
+  cluster       = "projects/pde-demo/locations/us-central1/clusters/cluster-c"
+  instance_id   = "inst-no-public-ip"
+  instance_type = "PRIMARY"
+  gce_zone      = "us-central1-a"
+
+  network_config { enable_public_ip = false }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/network_config/config.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}

inputs/gcp/alloyDB/Google_alloydb_cluster/network_config/nc.tf

@@ -0,0 +1,8 @@
+resource "google_alloydb_instance" "nc" {
+  cluster       = "projects/pde-demo/locations/us-central1/clusters/cluster-nc"
+  instance_id   = "inst-public-ip"
+  instance_type = "PRIMARY"
+  gce_zone      = "us-east1-b"
+
+  network_config { enable_public_ip = true }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/network_policy/c.tf

@@ -0,0 +1,14 @@
+resource "google_alloydb_cluster" "c" {
+  cluster_id = "cluster-approved"
+  location   = "us-central1"
+  project = "123"
+
+  network_config {
+    network = "projects/pde-demo/global/networks/prod-vpc"
+  }
+
+  initial_user {
+    user     = "admin"
+    password = "StrongPass1!"
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_cluster/network_policy/config.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}

inputs/gcp/alloyDB/Google_alloydb_cluster/network_policy/nc.tf

@@ -0,0 +1,14 @@
+resource "google_alloydb_cluster" "nc" {
+  cluster_id = "cluster-default-vpc"
+  location   = "us-central1"
+  project = "123"
+
+  network_config {
+    network = "projects/pde-demo/global/networks/default"
+  }
+
+  initial_user {
+    user     = "admin"
+    password = "StrongPass1!"
+  }
+}

inputs/gcp/alloyDB/Google_alloydb_user/user_id/c.tf

@@ -0,0 +1,6 @@
+# Compliant example for user_id policy
+resource "google_alloydb_user" "c" {
+  cluster   = "projects/p/locations/us-central1/clusters/cluster-c"
+  user_id   = "pde_allowed_user" # passes reserved-name check
+  user_type = "ALLOYDB_BUILT_IN" # valid enum
+}

inputs/gcp/alloyDB/Google_alloydb_user/user_id/config.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {}

inputs/gcp/alloyDB/Google_alloydb_user/user_id/nc.tf

@@ -0,0 +1,6 @@
+# Non-compliant example (violates reserved-name rule)
+resource "google_alloydb_user" "nc" {
+  cluster   = "projects/p/locations/us-central1/clusters/cluster-nc"
+  user_id   = "root" # intentionally disallowed
+  user_type = "ALLOYDB_BUILT_IN"
+}