Align with master branch

Lorenzo Caggioni 2022-02-14 10:27:03 +01:00
parent f98d690516
commit 026cea4554
3 changed files with 9 additions and 10 deletions


@ -195,7 +195,6 @@ resource "google_organization_iam_binding" "org_admin_delegated" {
"roles/compute.orgFirewallPolicyAdmin", "roles/compute.orgFirewallPolicyAdmin",
"roles/compute.xpnAdmin", "roles/compute.xpnAdmin",
"roles/orgpolicy.policyAdmin", "roles/orgpolicy.policyAdmin",
module.organization.custom_role_id.serviceProjectNetworkAdmin
], ],
local.billing_org ? [ local.billing_org ? [
"roles/billing.admin", "roles/billing.admin",
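Review bot: Nothing in the hunk or in the commit message ("Align with master branch") records why `module.organization.custom_role_id.serviceProjectNetworkAdmin` was dropped from the role list of `org_admin_delegated`. The resource body starts and ends outside the hunk, so this is inferred, but if the list feeds the binding's IAM condition as the set of roles the delegated identity may grant, any later stage that still grants that custom role through it would fail at apply time with a permission error. A short comment above the list, e.g. `# roles the delegated admin is allowed to grant; keep in sync with the bindings later stages create`, would make the allow-list's purpose and that coupling explicit. The remaining entries, such as `roles/orgpolicy.policyAdmin`, `roles/compute.xpnAdmin` and `roles/billing.admin`, are broad, so each addition or removal here deserves a stated reason.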


@ -19,7 +19,7 @@
locals { locals {
# set to the empty list if you remove the data platform branch # set to the empty list if you remove the data platform branch
branch_dataplatform_pf_sa_iam_emails = [ branch_dataplatform_sa_iam_emails = [
module.branch-dp-dev-sa.iam_email, module.branch-dp-dev-sa.iam_email,
module.branch-dp-prod-sa.iam_email module.branch-dp-prod-sa.iam_email
] ]
@ -64,7 +64,7 @@ module "organization" {
module.branch-network-sa.iam_email module.branch-network-sa.iam_email
] ]
"roles/orgpolicy.policyAdmin" = concat( "roles/orgpolicy.policyAdmin" = concat(
local.branch_dataplatform_pf_sa_iam_emails, local.branch_dataplatform_sa_iam_emails,
local.branch_teams_pf_sa_iam_emails local.branch_teams_pf_sa_iam_emails
) )
}, },
@ -79,7 +79,7 @@ module "organization" {
# [ # [
# for k, v in module.branch-teams-team-sa : v.iam_email # for k, v in module.branch-teams-team-sa : v.iam_email
# ], # ],
local.branch_dataplatform_pf_sa_iam_emails, local.branch_dataplatform_sa_iam_emails,
local.branch_teams_pf_sa_iam_emails local.branch_teams_pf_sa_iam_emails
) )
} : {} } : {}


@ -17,8 +17,8 @@ Refer to each stage's documentation for a detailed description of its purpose, t
- [Security](02-security/README.md) - [Security](02-security/README.md)
Manages centralized security configurations in a separate stage, and is typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's meant to be easily extended to include other security-related resources which are required, like Secret Manager. Manages centralized security configurations in a separate stage, and is typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's meant to be easily extended to include other security-related resources which are required, like Secret Manager.
- [Networking](02-networking/README.md) - Networking ([VPN](02-networking-vpn/README.md)/[NVA](02-networking-nva/README.md))
Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, and includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets. Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, and includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets. It's currently available in two versions: [spokes connected via VPN](02-networking-vpn/README.md), [and spokes connected via appliances](02-networking-nva/README.md).
## Environment-level resources (03) ## Environment-level resources (03)