From 18adf869aee6eb08852399b0a8a77255a38f28c2 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Fri, 4 Feb 2022 16:06:56 +0100
Subject: [PATCH] Update networking stages to use multiple folders

Co-authored-by: Daniel Marzini
---
 fast/stages/01-resman/README.md | 14 ++++++-------
 fast/stages/02-networking-nva/README.md | 20 +++++++++----------
 fast/stages/02-networking-nva/main.tf | 4 ++--
 fast/stages/02-networking-nva/variables.tf | 14 +++---------
 fast/stages/02-networking-nva/vpc-landing.tf | 2 +-
 .../stages/02-networking-nva/vpc-spoke-dev.tf | 2 +-
 .../02-networking-nva/vpc-spoke-prod.tf | 2 +-
 fast/stages/02-networking-vpn/README.md | 20 +++++++++----------
 fast/stages/02-networking-vpn/main.tf | 4 ++--
 fast/stages/02-networking-vpn/variables.tf | 14 +++---------
 fast/stages/02-networking-vpn/vpc-landing.tf | 2 +-
 .../stages/02-networking-vpn/vpc-spoke-dev.tf | 2 +-
 .../02-networking-vpn/vpc-spoke-prod.tf | 2 +-
 13 files changed, 43 insertions(+), 59 deletions(-)

diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md
index 46a8a383..b83c17a0 100644
--- a/fast/stages/01-resman/README.md
+++ b/fast/stages/01-resman/README.md
@@ -175,12 +175,12 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
 | name | description | sensitive | consumers |
 |---|---|:---:|---|
-| [networking](outputs.tf#L84) | Data for the networking stage. | | 02-networking |
-| [project_factories](outputs.tf#L94) | Data for the project factories stage. | | xx-teams |
-| [providers](outputs.tf#L111) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · xx-sandbox · xx-teams |
-| [sandbox](outputs.tf#L118) | Data for the sandbox stage. | | xx-sandbox |
-| [security](outputs.tf#L128) | Data for the networking stage. | | 02-security |
-| [teams](outputs.tf#L138) | Data for the teams stage. | | |
-| [tfvars](outputs.tf#L151) | Terraform variable files for the following stages. | ✓ | |
+| [networking](outputs.tf#L88) | Data for the networking stage. | | 02-networking |
+| [project_factories](outputs.tf#L98) | Data for the project factories stage. | | xx-teams |
+| [providers](outputs.tf#L115) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · xx-sandbox · xx-teams |
+| [sandbox](outputs.tf#L122) | Data for the sandbox stage. | | xx-sandbox |
+| [security](outputs.tf#L132) | Data for the networking stage. | | 02-security |
+| [teams](outputs.tf#L142) | Data for the teams stage. | | |
+| [tfvars](outputs.tf#L155) | Terraform variable files for the following stages. | ✓ | |
diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md
index 2f692df5..1b7f232e 100644
--- a/fast/stages/02-networking-nva/README.md
+++ b/fast/stages/02-networking-nva/README.md
@@ -321,19 +321,19 @@ Don't forget to add a peering zone in the landing project and point it to the ne
 | name | description | type | required | default | producer |
 |---|---|:---:|:---:|:---:|:---:|
 | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | 00-bootstrap |
-| [organization](variables.tf#L99) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
-| [prefix](variables.tf#L115) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
+| [folder_ids](variables.tf#L59) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | map(string) | ✓ | | 01-resman |
+| [organization](variables.tf#L91) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
+| [prefix](variables.tf#L107) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
 | [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | map(string) | | {…} | |
 | [data_dir](variables.tf#L45) | Relative path for the folder storing configuration data for network resources. | string | | "data" | |
 | [dns](variables.tf#L51) | Onprem DNS resolvers | map(list(string)) | | {…} | |
-| [folder_id](variables.tf#L59) | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | string | | null | 01-resman |
-| [l7ilb_subnets](variables.tf#L73) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
-| [onprem_cidr](variables.tf#L91) | Onprem addresses in name => range format. | map(string) | | {…} | |
-| [outputs_location](variables.tf#L109) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [project_factory_sa](variables.tf#L121) | IAM emails for project factory service accounts | map(string) | | {} | 01-resman |
-| [psa_ranges](variables.tf#L128) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
-| [router_configs](variables.tf#L143) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
-| [vpn_onprem_configs](variables.tf#L166) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
+| [l7ilb_subnets](variables.tf#L65) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
+| [onprem_cidr](variables.tf#L83) | Onprem addresses in name => range format. | map(string) | | {…} | |
+| [outputs_location](variables.tf#L101) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [project_factory_sa](variables.tf#L113) | IAM emails for project factory service accounts | map(string) | | {} | 01-resman |
+| [psa_ranges](variables.tf#L120) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
+| [router_configs](variables.tf#L135) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
+| [vpn_onprem_configs](variables.tf#L158) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
 
 ## Outputs
 
diff --git a/fast/stages/02-networking-nva/main.tf b/fast/stages/02-networking-nva/main.tf
index db03c69a..932191dc 100644
--- a/fast/stages/02-networking-nva/main.tf
+++ b/fast/stages/02-networking-nva/main.tf
@@ -29,8 +29,8 @@ module "folder" {
   source = "../../../modules/folder"
   parent = "organizations/${var.organization.id}"
   name = "Networking"
-  folder_create = var.folder_id == null
-  id = var.folder_id
+  folder_create = var.folder_ids.networking == null
+  id = var.folder_ids.networking
   firewall_policy_factory = {
     cidr_file = "${var.data_dir}/cidrs.yaml"
     policy_name = null
diff --git a/fast/stages/02-networking-nva/variables.tf b/fast/stages/02-networking-nva/variables.tf
index 6756e5b6..355eccf4 100644
--- a/fast/stages/02-networking-nva/variables.tf
+++ b/fast/stages/02-networking-nva/variables.tf
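Review bot: `folder_create = var.folder_ids.networking == null` and `id = var.folder_ids.networking` take the create-the-folder path only when the `networking` key is present with an explicit null value; with `folder_ids` now a required `map(string)` and no default, a map that simply omits the key makes the plan fail on the missing key instead, so the description's "If null, folder will be created" holds only for explicit nulls. Using `lookup(var.folder_ids, "networking", null)` in both lines makes omission and null behave the same. The same `var.folder_ids.<key>` access is used for the project `parent` in vpc-landing.tf, vpc-spoke-dev.tf and vpc-spoke-prod.tf and in the vpn stage's main.tf; there failing on a missing key is arguably the right outcome since there is no fallback parent, but which keys are mandatory should be stated in the variable description. When the folder is created here, `parent = var.folder_ids.networking` in vpc-landing.tf also evaluates to null rather than the new folder's id; that was already the case with `folder_id`, so it is presumably handled elsewhere, but worth confirming.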
@@ -56,18 +56,10 @@ variable "dns" {
   }
 }
 
-variable "folder_id" {
+variable "folder_ids" {
   # tfdoc:variable:source 01-resman
-  description = "Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
-  type = string
-  default = null
-  validation {
-    condition = (
-      var.folder_id == null ||
-      can(regex("folders/[0-9]{8,}", var.folder_id))
-    )
-    error_message = "Invalid folder_id. Should be in 'folders/nnnnnnnnnnn' format."
-  }
+  description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
+  type = map(string)
 }
 
 variable "l7ilb_subnets" {
diff --git a/fast/stages/02-networking-nva/vpc-landing.tf b/fast/stages/02-networking-nva/vpc-landing.tf
index 9f6d0a92..e49c6c57 100644
--- a/fast/stages/02-networking-nva/vpc-landing.tf
+++ b/fast/stages/02-networking-nva/vpc-landing.tf
@@ -20,7 +20,7 @@ module "landing-project" {
   source = "../../../modules/project"
   billing_account = var.billing_account_id
   name = "prod-net-landing-0"
-  parent = var.folder_id
+  parent = var.folder_ids.networking
   prefix = var.prefix
   service_config = {
     disable_on_destroy = false
diff --git a/fast/stages/02-networking-nva/vpc-spoke-dev.tf b/fast/stages/02-networking-nva/vpc-spoke-dev.tf
index 392b5750..628b6490 100644
--- a/fast/stages/02-networking-nva/vpc-spoke-dev.tf
+++ b/fast/stages/02-networking-nva/vpc-spoke-dev.tf
@@ -20,7 +20,7 @@ module "dev-spoke-project" {
   source = "../../../modules/project"
   billing_account = var.billing_account_id
   name = "dev-net-spoke-0"
-  parent = var.folder_id
+  parent = var.folder_ids.networking-dev
   prefix = var.prefix
   service_config = {
     disable_on_destroy = false
diff --git a/fast/stages/02-networking-nva/vpc-spoke-prod.tf b/fast/stages/02-networking-nva/vpc-spoke-prod.tf
index 320175dc..f0555263 100644
--- a/fast/stages/02-networking-nva/vpc-spoke-prod.tf
+++ b/fast/stages/02-networking-nva/vpc-spoke-prod.tf
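Review bot: The new `folder_ids` variable drops the `validation` block that `folder_id` had, so a value that is not in `folders/nnnnnnnnnnn` form (a bare number, a project path, an empty string) is no longer rejected at plan time and is passed straight through as the folder `id` and as the `parent` of the landing and spoke projects, surfacing only as a provider error during apply. Since each map value is consumed individually, the same check can be applied per element while keeping the null-means-create contract of the description (this assumes a null element is accepted by the `map(string)` constraint, which I believe it is; confirm with `terraform validate`). The 02-networking-vpn variables.tf hunk in this patch has the same omission and should get the same block.

```hcl
variable "folder_ids" {
  # tfdoc:variable:source 01-resman
  description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
  type        = map(string)
  validation {
    condition = alltrue([
      for k, v in var.folder_ids : v == null || can(regex("folders/[0-9]{8,}", v))
    ])
    error_message = "Invalid folder_ids. Values should be in 'folders/nnnnnnnnnnn' format."
  }
}
```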
@@ -20,7 +20,7 @@ module "prod-spoke-project" {
   source = "../../../modules/project"
   billing_account = var.billing_account_id
   name = "prod-net-spoke-0"
-  parent = var.folder_id
+  parent = var.folder_ids.networking-prod
   prefix = var.prefix
   service_config = {
     disable_on_destroy = false
diff --git a/fast/stages/02-networking-vpn/README.md b/fast/stages/02-networking-vpn/README.md
index a485d1c7..c32cd2f5 100644
--- a/fast/stages/02-networking-vpn/README.md
+++ b/fast/stages/02-networking-vpn/README.md
@@ -309,20 +309,20 @@ DNS configurations are centralised in the `dns.tf` file. Spokes delegate DNS res
 | name | description | type | required | default | producer |
 |---|---|:---:|:---:|:---:|:---:|
 | [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | 00-bootstrap |
-| [organization](variables.tf#L93) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
-| [prefix](variables.tf#L109) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
+| [folder_idd](variables.tf#L61) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | map(string) | ✓ | | 01-resman |
+| [organization](variables.tf#L85) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
+| [prefix](variables.tf#L101) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
 | [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | map(string) | | {…} | |
 | [custom_roles](variables.tf#L40) | Custom roles defined at the org level, in key => id format. | map(string) | | {} | 00-bootstrap |
 | [data_dir](variables.tf#L47) | Relative path for the folder storing configuration data for network resources. | string | | "data" | |
 | [dns](variables.tf#L53) | Onprem DNS resolvers. | map(list(string)) | | {…} | |
-| [folder_id](variables.tf#L61) | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | string | | null | 01-resman |
-| [l7ilb_subnets](variables.tf#L75) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
-| [outputs_location](variables.tf#L103) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [project_factory_sa](variables.tf#L115) | IAM emails for project factory service accounts. | map(string) | | {} | 01-resman |
-| [psa_ranges](variables.tf#L122) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
-| [router_configs](variables.tf#L137) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
-| [vpn_onprem_configs](variables.tf#L161) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
-| [vpn_spoke_configs](variables.tf#L217) | VPN gateway configuration for spokes. | map(object({…})) | | {…} | |
+| [l7ilb_subnets](variables.tf#L67) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
+| [outputs_location](variables.tf#L95) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [project_factory_sa](variables.tf#L107) | IAM emails for project factory service accounts. | map(string) | | {} | 01-resman |
+| [psa_ranges](variables.tf#L114) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
+| [router_configs](variables.tf#L129) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
+| [vpn_onprem_configs](variables.tf#L153) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
+| [vpn_spoke_configs](variables.tf#L209) | VPN gateway configuration for spokes. | map(object({…})) | | {…} | |
 
 ## Outputs
 
diff --git a/fast/stages/02-networking-vpn/main.tf b/fast/stages/02-networking-vpn/main.tf
index 4a3f4748..fcca8867 100644
--- a/fast/stages/02-networking-vpn/main.tf
+++ b/fast/stages/02-networking-vpn/main.tf
@@ -53,8 +53,8 @@ module "folder" {
   source = "../../../modules/folder"
   parent = "organizations/${var.organization.id}"
   name = "Networking"
-  folder_create = var.folder_id == null
-  id = var.folder_id
+  folder_create = var.folder_ids.networking == null
+  id = var.folder_ids.networking
   firewall_policy_factory = {
     cidr_file = "${var.data_dir}/cidrs.yaml"
     policy_name = null
diff --git a/fast/stages/02-networking-vpn/variables.tf b/fast/stages/02-networking-vpn/variables.tf
index 4c134e2f..30af80f1 100644
--- a/fast/stages/02-networking-vpn/variables.tf
+++ b/fast/stages/02-networking-vpn/variables.tf
@@ -58,18 +58,10 @@ variable "dns" {
   }
 }
 
-variable "folder_id" {
+variable "folder_idd" {
   # tfdoc:variable:source 01-resman
-  description = "Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
-  type = string
-  default = null
-  validation {
-    condition = (
-      var.folder_id == null ||
-      can(regex("folders/[0-9]{8,}", var.folder_id))
-    )
-    error_message = "Invalid folder_id. Should be in 'folders/nnnnnnnnnnn' format."
-  }
+  description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
+  type = map(string)
 }
 
 variable "l7ilb_subnets" {
diff --git a/fast/stages/02-networking-vpn/vpc-landing.tf b/fast/stages/02-networking-vpn/vpc-landing.tf
index 5b6673f7..59505525 100644
--- a/fast/stages/02-networking-vpn/vpc-landing.tf
+++ b/fast/stages/02-networking-vpn/vpc-landing.tf
@@ -20,7 +20,7 @@ module "landing-project" {
   source = "../../../modules/project"
   billing_account = var.billing_account_id
   name = "prod-net-landing-0"
-  parent = var.folder_id
+  parent = var.folder_ids.networking
   prefix = var.prefix
   service_config = {
     disable_on_destroy = false
diff --git a/fast/stages/02-networking-vpn/vpc-spoke-dev.tf b/fast/stages/02-networking-vpn/vpc-spoke-dev.tf
index 90d11f16..9b3c0f9e 100644
--- a/fast/stages/02-networking-vpn/vpc-spoke-dev.tf
+++ b/fast/stages/02-networking-vpn/vpc-spoke-dev.tf
@@ -20,7 +20,7 @@ module "dev-spoke-project" {
   source = "../../../modules/project"
   billing_account = var.billing_account_id
   name = "dev-net-spoke-0"
-  parent = var.folder_id
+  parent = var.folder_ids.networking-dev
   prefix = var.prefix
   service_config = {
     disable_on_destroy = false
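Review bot: `+variable "folder_idd" {` declares a name that none of the new references use: the vpn stage's main.tf, vpc-landing.tf, vpc-spoke-dev.tf and vpc-spoke-prod.tf in this same patch all read `var.folder_ids.networking`, `var.folder_ids.networking-dev` or `var.folder_ids.networking-prod`, so `terraform validate` on 02-networking-vpn will fail with an undeclared input variable while `folder_idd` itself goes unused. The line should read `variable "folder_ids" {`, matching the 02-networking-nva variables.tf hunk. The README row `[folder_idd](variables.tf#L61)` was generated from the typo and needs regenerating after the fix; the tfvars that 01-resman writes for this stage presumably carry a `folder_ids` key too, which is worth confirming at the same time.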
diff --git a/fast/stages/02-networking-vpn/vpc-spoke-prod.tf b/fast/stages/02-networking-vpn/vpc-spoke-prod.tf
index 0132d8fd..7f42ab2c 100644
--- a/fast/stages/02-networking-vpn/vpc-spoke-prod.tf
+++ b/fast/stages/02-networking-vpn/vpc-spoke-prod.tf
@@ -20,7 +20,7 @@ module "prod-spoke-project" {
   source = "../../../modules/project"
   billing_account = var.billing_account_id
   name = "prod-net-spoke-0"
-  parent = var.folder_id
+  parent = var.folder_ids.networking-prod
   prefix = var.prefix
   service_config = {
     disable_on_destroy = false