Add tflint to pipelines (#2220)
* Fix terraform_deprecated_index https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_index.md * Fix terraform_deprecated_interpolation Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.5.0/docs/rules/terraform_deprecated_interpolation.md * Fix more indexing * Remove unused variable * Enable TFLint for modules * Add tflint config file * Fix chdir * Lint modules * TFLint fixes * TFLint * Fixes binauthz README * Fixes DNS response policy tests. Restores MIG outputs. * Fixes other DNS response policy tests. * Update tests for fast 2-e * Moar fixed tests --------- Co-authored-by: Simone Ruffilli <sruffilli@google.com>
parent
25bf17c837
commit
3af7e257d2
@ -36,6 +36,19 @@ jobs:
|
|||
with:
|
||||
terraform_version: 1.7.4
|
||||
|
||||
- uses: terraform-linters/setup-tflint@v4
|
||||
name: Setup TFLint
|
||||
with:
|
||||
tflint_version: v0.50.3
|
||||
|
||||
- name: Init TFLint
|
||||
run: |
|
||||
cp .tflint.hcl ~
|
||||
tflint --init
|
||||
env:
|
||||
# https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
|
||||
GITHUB_TOKEN: ${{ github.token }}
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
pip install -r tools/requirements.txt
|
||||
|
@ -50,6 +63,9 @@ jobs:
|
|||
run: |
|
||||
terraform fmt -recursive -check -diff $GITHUB_WORKSPACE
|
||||
|
||||
- name: TFLint Modules
|
||||
run: cd modules && tflint --recursive -f compact
|
||||
|
||||
- name: Check documentation
|
||||
id: documentation-fabric
|
||||
run: |
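Review bot: `- uses: terraform-linters/setup-tflint@v4` on L20 is pinned to a mutable major tag, so the code that runs in this job (with the `GITHUB_TOKEN` exposed on L52) is whatever that tag points to at run time; pin it to a full commit SHA with the tag kept as a trailing comment, e.g. `- uses: terraform-linters/setup-tflint@<full-commit-sha> # v4`, which matches how `tflint_version: v0.50.3` on L29 already pins the binary itself. The `cp .tflint.hcl ~` on L40 relies on tflint's fallback to `~/.tflint.hcl` so that the recursive run under `modules/` on L81 finds the config; an explicit `tflint --config "$GITHUB_WORKSPACE/.tflint.hcl"` (or the `TFLINT_CONFIG_FILE` env var, if this tflint version supports it) says the same thing without a hidden copy into the runner's home. The job's `permissions:` block is outside the hunk; the token on L52 is only used to avoid plugin-download rate limiting, so `contents: read` is all it should need.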
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
plugin "terraform" {
|
||||
enabled = true
|
||||
preset = "recommended"
|
||||
}
|
||||
|
||||
rule "terraform_required_providers" {
|
||||
enabled = false
|
||||
}
|
||||
|
||||
rule "terraform_required_version" {
|
||||
enabled = false
|
||||
}
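Review bot: The two rules switched off at L115–L121 and L126–L132 are the ones that check each module pins a `required_version` and declares `required_providers` with version constraints, and the file gives no reason for disabling them; a future maintainer cannot tell whether this is a deliberate policy (e.g. constraints are kept in a shared `versions.tf`) or a shortcut to get the pipeline green. Add a one-line comment above each block stating the reason, e.g. `# disabled: provider/version constraints are declared per module in versions.tf, not validated here`, adjusted to whatever is actually true for this repository. The bundled `terraform` plugin needs no `source`/`version`, so the `plugin` block on L101–L110 is fine as written.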
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -22,6 +22,6 @@ module "addresses" {
|
|||
source = "../../../modules/net-address"
|
||||
project_id = module.project.project_id
|
||||
global_addresses = {
|
||||
"${local.ingress_ip_name}" = {}
|
||||
(local.ingress_ip_name) = {}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -119,7 +119,7 @@ module "glb" {
|
|||
ssl_certificates = {
|
||||
managed_configs = {
|
||||
adfs-domain = {
|
||||
domains = ["${var.adfs_dns_domain_name}"]
|
||||
domains = [var.adfs_dns_domain_name]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -43,7 +43,7 @@ locals {
|
|||
|
||||
direct_iam_pairs = {
|
||||
for pair in setproduct(var.project_administrators, var.direct_role_grants) :
|
||||
"direct:${pair.0}:${pair.1}" => zipmap(["member", "role"], pair)
|
||||
"direct:${pair[0]}:${pair[1]}" => zipmap(["member", "role"], pair)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -18,8 +18,8 @@ locals {
|
|||
discovery_roles = ["roles/compute.viewer", "roles/cloudasset.viewer"]
|
||||
function = (
|
||||
var.cloud_function_config.version == "v1"
|
||||
? module.cloud-function.0
|
||||
: module.cloud-function-v2.0
|
||||
? module.cloud-function[0]
|
||||
: module.cloud-function-v2[0]
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -66,7 +66,7 @@ module "cloud-function" {
|
|||
name = var.name
|
||||
bucket_name = coalesce(
|
||||
var.cloud_function_config.bucket_name,
|
||||
"${var.name}-${random_string.default.0.id}"
|
||||
"${var.name}-${random_string.default[0].id}"
|
||||
)
|
||||
bucket_config = {
|
||||
location = var.region
|
||||
|
@ -110,7 +110,7 @@ resource "google_cloud_scheduler_job" "default" {
|
|||
|
||||
pubsub_target {
|
||||
attributes = {}
|
||||
topic_name = module.pubsub.0.topic.id
|
||||
topic_name = module.pubsub[0].topic.id
|
||||
data = base64encode(jsonencode({
|
||||
discovery_root = var.discovery_config.discovery_root
|
||||
folders = var.discovery_config.monitored_folders
|
||||
|
@ -138,7 +138,7 @@ module "cloud-function-v2" {
|
|||
name = var.name
|
||||
bucket_name = coalesce(
|
||||
var.cloud_function_config.bucket_name,
|
||||
"${var.name}-${random_string.default.0.id}"
|
||||
"${var.name}-${random_string.default[0].id}"
|
||||
)
|
||||
bucket_config = {
|
||||
location = var.region
|
||||
|
@ -174,7 +174,7 @@ module "cloud-scheduler-service-account" {
|
|||
project_id = module.project.project_id
|
||||
name = "scheduler-sa"
|
||||
iam_project_roles = {
|
||||
"${module.project.project_id}" = [
|
||||
(module.project.project_id) = [
|
||||
"roles/run.invoker",
|
||||
]
|
||||
}
|
||||
|
@ -190,7 +190,7 @@ resource "google_cloud_scheduler_job" "scheduler-http" {
|
|||
|
||||
http_target {
|
||||
http_method = "POST"
|
||||
uri = module.cloud-function-v2.0.uri
|
||||
uri = module.cloud-function-v2[0].uri
|
||||
body = base64encode(jsonencode({
|
||||
discovery_root = var.discovery_config.discovery_root
|
||||
folders = var.discovery_config.monitored_folders
|
||||
|
@ -210,8 +210,8 @@ resource "google_cloud_scheduler_job" "scheduler-http" {
|
|||
"Content-Type" = "application/json"
|
||||
}
|
||||
oidc_token {
|
||||
service_account_email = module.cloud-scheduler-service-account.0.email
|
||||
audience = module.cloud-function-v2.0.uri
|
||||
service_account_email = module.cloud-scheduler-service-account[0].email
|
||||
audience = module.cloud-function-v2[0].uri
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -227,7 +227,7 @@ resource "google_organization_iam_member" "discovery" {
|
|||
)
|
||||
org_id = split("/", var.discovery_config.discovery_root)[1]
|
||||
role = each.key
|
||||
member = var.cloud_function_config.version == "v1" ? module.cloud-function.0.service_account_iam_email : module.cloud-function-v2.0.service_account_iam_email
|
||||
member = var.cloud_function_config.version == "v1" ? module.cloud-function[0].service_account_iam_email : module.cloud-function-v2[0].service_account_iam_email
|
||||
}
|
||||
|
||||
resource "google_folder_iam_member" "discovery" {
|
||||
|
@ -239,13 +239,13 @@ resource "google_folder_iam_member" "discovery" {
|
|||
)
|
||||
folder = var.discovery_config.discovery_root
|
||||
role = each.key
|
||||
member = var.cloud_function_config.version == "v1" ? module.cloud-function.0.service_account_iam_email : module.cloud-function-v2.0.service_account_iam_email
|
||||
member = var.cloud_function_config.version == "v1" ? module.cloud-function[0].service_account_iam_email : module.cloud-function-v2[0].service_account_iam_email
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "monitoring" {
|
||||
project = module.project.project_id
|
||||
role = "roles/monitoring.metricWriter"
|
||||
member = var.cloud_function_config.version == "v1" ? module.cloud-function.0.service_account_iam_email : module.cloud-function-v2.0.service_account_iam_email
|
||||
member = var.cloud_function_config.version == "v1" ? module.cloud-function[0].service_account_iam_email : module.cloud-function-v2[0].service_account_iam_email
|
||||
}
|
||||
|
||||
# Importing default dashboard
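Review bot: The ternary on `member` at L525, L552 and L572 re-derives which function module is active even though `local.function` (L311–L329) already makes exactly that selection; `member = local.function.service_account_iam_email` in all three resources removes the triplicated condition and the chance of the three IAM bindings drifting apart. That relies on both modules exposing `service_account_iam_email`, which the existing ternaries already assume. The enclosing `google_organization_iam_member.discovery` and `google_folder_iam_member.discovery` resource blocks start outside the hunks.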
|
||||
|
|
|
@ -36,6 +36,6 @@ output "troubleshooting_payload" {
|
|||
description = "Cloud Function payload used for manual triggering."
|
||||
sensitive = true
|
||||
value = jsonencode({
|
||||
data = var.cloud_function_config.version == "v1" ? google_cloud_scheduler_job.default[0].pubsub_target.0.data : google_cloud_scheduler_job.scheduler-http[0].http_target.0.body
|
||||
data = var.cloud_function_config.version == "v1" ? google_cloud_scheduler_job.default[0].pubsub_target[0].data : google_cloud_scheduler_job.scheduler-http[0].http_target[0].body
|
||||
})
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -114,12 +114,12 @@ resource "google_project_iam_member" "project-iap-sa-image-builder" {
|
|||
resource "local_file" "packer-vars" {
|
||||
count = var.create_packer_vars ? 1 : 0
|
||||
content = templatefile(local.packer_variables_template, {
|
||||
PROJECT_ID = "${var.project_id}"
|
||||
COMPUTE_ZONE = "${local.compute_zone}"
|
||||
BUILDER_SA = "${module.service-account-image-builder.email}"
|
||||
COMPUTE_SA = "${module.service-account-image-builder-vm.email}"
|
||||
COMPUTE_SUBNETWORK = "${local.compute_subnet_name}"
|
||||
USE_IAP = "${var.use_iap}"
|
||||
PROJECT_ID = var.project_id
|
||||
COMPUTE_ZONE = local.compute_zone
|
||||
BUILDER_SA = module.service-account-image-builder.email
|
||||
COMPUTE_SA = module.service-account-image-builder-vm.email
|
||||
COMPUTE_SUBNETWORK = local.compute_subnet_name
|
||||
USE_IAP = var.use_iap
|
||||
})
|
||||
filename = local.packer_variables_file
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -86,7 +86,7 @@ module "sa-tfc" {
|
|||
}
|
||||
|
||||
iam_project_roles = {
|
||||
"${module.project.project_id}" = [
|
||||
(module.project.project_id) = [
|
||||
"roles/storage.admin"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -20,13 +20,13 @@ locals {
|
|||
subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.vpc_config.subnet_self_link
|
||||
: values(module.vpc.0.subnet_self_links)[0]
|
||||
: values(module.vpc[0].subnet_self_links)[0]
|
||||
)
|
||||
use_shared_vpc = var.vpc_config != null
|
||||
vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.vpc_config.network_self_link
|
||||
: module.vpc.0.self_link
|
||||
: module.vpc[0].self_link
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ module "vpc-firewall" {
|
|||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc.0.name
|
||||
network = module.vpc[0].name
|
||||
default_rules_config = {
|
||||
admin_ranges = ["10.0.0.0/20"]
|
||||
}
|
||||
|
@ -53,7 +53,7 @@ module "cloudnat" {
|
|||
project_id = module.project.project_id
|
||||
name = "${var.prefix}-default"
|
||||
region = var.region
|
||||
router_network = module.vpc.0.name
|
||||
router_network = module.vpc[0].name
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "shared_vpc" {
|
||||
|
|
|
@ -32,13 +32,13 @@ locals {
|
|||
subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_link
|
||||
: values(module.vpc.0.subnet_self_links)[0]
|
||||
: values(module.vpc[0].subnet_self_links)[0]
|
||||
)
|
||||
use_shared_vpc = var.network_config != null
|
||||
vpc_self_link = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.vpc.0.self_link
|
||||
: module.vpc[0].self_link
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -118,7 +118,7 @@ module "firewall" {
|
|||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc.0.name
|
||||
network = module.vpc[0].name
|
||||
default_rules_config = {
|
||||
admin_ranges = ["10.0.0.0/20"]
|
||||
}
|
||||
|
@ -130,7 +130,7 @@ module "nat" {
|
|||
project_id = module.project.project_id
|
||||
region = var.regions.primary
|
||||
name = "${var.prefix}-default"
|
||||
router_network = module.vpc.0.name
|
||||
router_network = module.vpc[0].name
|
||||
}
|
||||
|
||||
module "gcs" {
|
||||
|
|
|
@ -42,6 +42,6 @@ output "vm_keys" {
|
|||
description = "GCE VM Cloud KMS crypto keys."
|
||||
value = {
|
||||
name = module.vm_example.instance.name
|
||||
key = module.vm_example.instance.boot_disk.0.kms_key_self_link
|
||||
key = module.vm_example.instance.boot_disk[0].kms_key_self_link
|
||||
}
|
||||
}
|
||||
|
|
|
@ -31,12 +31,12 @@ locals {
|
|||
orch_subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_link
|
||||
: values(module.vpc.0.subnet_self_links)[0]
|
||||
: values(module.vpc[0].subnet_self_links)[0]
|
||||
)
|
||||
orch_vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.vpc.0.self_link
|
||||
: module.vpc[0].self_link
|
||||
)
|
||||
# reassemble in a format suitable for for_each
|
||||
shared_vpc_bindings_map = {
|
||||
|
@ -62,7 +62,7 @@ locals {
|
|||
vpc_self_link = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.vpc.0.self_link
|
||||
: module.vpc[0].self_link
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -141,7 +141,7 @@ module "nat" {
|
|||
project_id = module.project.project_id
|
||||
region = var.region
|
||||
name = "${var.prefix}-default"
|
||||
router_network = module.vpc.0.name
|
||||
router_network = module.vpc[0].name
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "shared_vpc" {
|
||||
|
|
|
@ -119,7 +119,7 @@ module "load-vpc-firewall" {
|
|||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.load-project.project_id
|
||||
network = module.load-vpc.0.name
|
||||
network = module.load-vpc[0].name
|
||||
default_rules_config = {
|
||||
admin_ranges = ["10.10.0.0/24"]
|
||||
}
|
||||
|
@ -131,5 +131,5 @@ module "load-nat" {
|
|||
project_id = module.load-project.project_id
|
||||
name = "${var.prefix}-lod"
|
||||
region = var.region
|
||||
router_network = module.load-vpc.0.name
|
||||
router_network = module.load-vpc[0].name
|
||||
}
|
||||
|
|
|
@ -134,7 +134,7 @@ module "orch-vpc-firewall" {
|
|||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.orch-project.project_id
|
||||
network = module.orch-vpc.0.name
|
||||
network = module.orch-vpc[0].name
|
||||
default_rules_config = {
|
||||
admin_ranges = ["10.10.0.0/24"]
|
||||
}
|
||||
|
@ -146,7 +146,7 @@ module "orch-nat" {
|
|||
project_id = module.orch-project.project_id
|
||||
name = "${var.prefix}-orch"
|
||||
region = var.region
|
||||
router_network = module.orch-vpc.0.name
|
||||
router_network = module.orch-vpc[0].name
|
||||
}
|
||||
|
||||
module "orch-artifact-reg" {
|
||||
|
|
|
@ -135,7 +135,7 @@ module "transf-vpc-firewall" {
|
|||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.transf-project.project_id
|
||||
network = module.transf-vpc.0.name
|
||||
network = module.transf-vpc[0].name
|
||||
default_rules_config = {
|
||||
admin_ranges = ["10.10.0.0/24"]
|
||||
}
|
||||
|
@ -147,5 +147,5 @@ module "transf-nat" {
|
|||
project_id = module.transf-project.project_id
|
||||
name = "${var.prefix}-trf"
|
||||
region = var.region
|
||||
router_network = module.transf-vpc.0.name
|
||||
router_network = module.transf-vpc[0].name
|
||||
}
|
||||
|
|
|
@ -37,11 +37,11 @@ locals {
|
|||
load_subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_links.orchestration
|
||||
: values(module.load-vpc.0.subnet_self_links)[0]
|
||||
: values(module.load-vpc[0].subnet_self_links)[0]
|
||||
)
|
||||
load_vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.load-vpc.0.self_link
|
||||
: module.load-vpc[0].self_link
|
||||
)
|
||||
}
|
||||
|
|
|
@ -37,12 +37,12 @@ locals {
|
|||
orch_subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_links.orchestration
|
||||
: values(module.orch-vpc.0.subnet_self_links)[0]
|
||||
: values(module.orch-vpc[0].subnet_self_links)[0]
|
||||
)
|
||||
orch_vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.orch-vpc.0.self_link
|
||||
: module.orch-vpc[0].self_link
|
||||
)
|
||||
# TODO: use new artifact registry module output
|
||||
orch_docker_path = format("%s-docker.pkg.dev/%s/%s",
|
||||
|
|
|
@ -37,11 +37,11 @@ locals {
|
|||
transf_subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_links.orchestration
|
||||
: values(module.transf-vpc.0.subnet_self_links)[0]
|
||||
: values(module.transf-vpc[0].subnet_self_links)[0]
|
||||
)
|
||||
transf_vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.transf-vpc.0.self_link
|
||||
: module.transf-vpc[0].self_link
|
||||
)
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ output "demo_commands" {
|
|||
--impersonate-service-account=${module.orch-sa-df-build.email} \
|
||||
--substitutions=_TEMPLATE_IMAGE="${local.orch_docker_path}/csv2bq:latest",_TEMPLATE_PATH="gs://${module.orch-cs-df-template.name}/csv2bq.json",_DOCKER_DIR="./demo/dataflow-csv2bq"
|
||||
EOT
|
||||
05 = try("Open ${google_composer_environment.orch-cmp-0[0].config.0.airflow_uri} and run uploaded DAG.", "Composer not deployed")
|
||||
05 = try("Open ${google_composer_environment.orch-cmp-0[0].config[0].airflow_uri} and run uploaded DAG.", "Composer not deployed")
|
||||
06 = <<EOT
|
||||
bq query --project_id=${module.dwh-conf-project.project_id} --use_legacy_sql=false 'SELECT * EXCEPT (name, surname) FROM `${module.dwh-conf-project.project_id}.${module.dwh-conf-bq-0.dataset_id}.customer_purchase` LIMIT 1000'"
|
||||
EOT
|
||||
|
|
|
@ -75,14 +75,14 @@ locals {
|
|||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_link
|
||||
: try(
|
||||
module.processing-vpc.0.subnet_self_links["${var.region}/${var.prefix}-processing"],
|
||||
module.processing-vpc[0].subnet_self_links["${var.region}/${var.prefix}-processing"],
|
||||
null
|
||||
)
|
||||
)
|
||||
processing_vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: try(module.processing-vpc.0.self_link, null)
|
||||
: try(module.processing-vpc[0].self_link, null)
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -184,7 +184,7 @@ module "processing-vpc-firewall" {
|
|||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.processing-project.project_id
|
||||
network = module.processing-vpc.0.name
|
||||
network = module.processing-vpc[0].name
|
||||
default_rules_config = {
|
||||
admin_ranges = ["10.10.0.0/24"]
|
||||
}
|
||||
|
@ -196,5 +196,5 @@ module "processing-nat" {
|
|||
project_id = module.processing-project.project_id
|
||||
name = "${var.prefix}-processing"
|
||||
region = var.region
|
||||
router_network = module.processing-vpc.0.name
|
||||
router_network = module.processing-vpc[0].name
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@ output "bigquery-datasets" {
|
|||
output "composer" {
|
||||
description = "Composer variables."
|
||||
value = {
|
||||
air_flow_uri = try(google_composer_environment.processing-cmp-0[0].config.0.airflow_uri, null)
|
||||
air_flow_uri = try(google_composer_environment.processing-cmp-0[0].config[0].airflow_uri, null)
|
||||
dag_bucket = try(regex("^gs://([^/]*)/dags$", google_composer_environment.processing-cmp-0[0].config[0].dag_gcs_prefix)[0], null)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,12 +22,12 @@ locals {
|
|||
subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_link
|
||||
: values(module.vpc.0.subnet_self_links)[0]
|
||||
: values(module.vpc[0].subnet_self_links)[0]
|
||||
)
|
||||
vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.vpc.0.self_link
|
||||
: module.vpc[0].self_link
|
||||
)
|
||||
use_shared_vpc = var.network_config != null
|
||||
|
||||
|
@ -120,7 +120,7 @@ module "vpc-firewall" {
|
|||
source = "../../../modules/net-vpc-firewall"
|
||||
count = local.use_shared_vpc ? 0 : 1
|
||||
project_id = module.project.project_id
|
||||
network = module.vpc.0.name
|
||||
network = module.vpc[0].name
|
||||
default_rules_config = {
|
||||
admin_ranges = ["10.0.0.0/20"]
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ module "cloudnat" {
|
|||
project_id = module.project.project_id
|
||||
name = "${var.prefix}-default"
|
||||
region = var.region
|
||||
router_network = module.vpc.0.name
|
||||
router_network = module.vpc[0].name
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "shared_vpc" {
|
||||
|
|
|
@ -22,7 +22,7 @@ locals {
|
|||
var.enable_features.log_sink
|
||||
? [format(
|
||||
"projects/%s/locations/%s/keyRings/%s/cryptoKeys/bq",
|
||||
module.sec-project.0.project_id,
|
||||
module.sec-project[0].project_id,
|
||||
var.log_locations.bq,
|
||||
var.log_locations.bq
|
||||
)]
|
||||
|
@ -32,7 +32,7 @@ locals {
|
|||
var.enable_features.log_sink
|
||||
? [format(
|
||||
"projects/%s/locations/%s/keyRings/%s/cryptoKeys/pubsub",
|
||||
module.sec-project.0.project_id,
|
||||
module.sec-project[0].project_id,
|
||||
var.log_locations.pubsub,
|
||||
var.log_locations.pubsub
|
||||
)]
|
||||
|
@ -42,7 +42,7 @@ locals {
|
|||
var.enable_features.log_sink
|
||||
? [format(
|
||||
"projects/%s/locations/%s/keyRings/%s/cryptoKeys/storage",
|
||||
module.sec-project.0.project_id,
|
||||
module.sec-project[0].project_id,
|
||||
var.log_locations.storage,
|
||||
var.log_locations.storage
|
||||
)]
|
||||
|
|
|
@ -23,7 +23,7 @@ locals {
|
|||
identities = values(module.folder.sink_writer_identities)
|
||||
}
|
||||
to = {
|
||||
resources = ["projects/${module.log-export-project.0.number}"]
|
||||
resources = ["projects/${module.log-export-project[0].number}"]
|
||||
operations = [{ service_name = "*" }]
|
||||
} }
|
||||
} : null
|
||||
|
@ -60,9 +60,9 @@ locals {
|
|||
|
||||
log_sink_destinations = var.enable_features.log_sink ? merge(
|
||||
# use the same dataset for all sinks with `bigquery` as destination
|
||||
{ for k, v in var.log_sinks : k => module.log-export-dataset.0 if v.type == "bigquery" },
|
||||
{ for k, v in var.log_sinks : k => module.log-export-dataset[0] if v.type == "bigquery" },
|
||||
# use the same gcs bucket for all sinks with `storage` as destination
|
||||
{ for k, v in var.log_sinks : k => module.log-export-gcs.0 if v.type == "storage" },
|
||||
{ for k, v in var.log_sinks : k => module.log-export-gcs[0] if v.type == "storage" },
|
||||
# use separate pubsub topics and logging buckets for sinks with
|
||||
# destination `pubsub` and `logging`
|
||||
module.log-export-pubsub,
|
||||
|
|
|
@ -69,12 +69,12 @@ locals {
|
|||
subnet = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.subnet_self_link
|
||||
: values(module.vpc-local.0.subnet_self_links)[0]
|
||||
: values(module.vpc-local[0].subnet_self_links)[0]
|
||||
)
|
||||
vpc = (
|
||||
local.use_shared_vpc
|
||||
? var.network_config.network_self_link
|
||||
: module.vpc-local.0.self_link
|
||||
: module.vpc-local[0].self_link
|
||||
)
|
||||
use_shared_vpc = var.network_config != null
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
locals {
|
||||
_cluster_sa = (
|
||||
local.cluster_create
|
||||
? module.cluster-service-account.0.email
|
||||
: data.google_container_cluster.cluster.0.node_config.0.service_account
|
||||
? module.cluster-service-account[0].email
|
||||
: data.google_container_cluster.cluster[0].node_config[0].service_account
|
||||
)
|
||||
cluster_sa = (
|
||||
local._cluster_sa == "default"
|
||||
|
@ -48,9 +48,9 @@ locals {
|
|||
}
|
||||
# VPC creation configures networking
|
||||
: {
|
||||
network = module.vpc.0.id
|
||||
network = module.vpc[0].id
|
||||
secondary_range_names = { pods = "pods", services = "services" }
|
||||
subnet = values(module.vpc.0.subnet_ids)[0]
|
||||
subnet = values(module.vpc[0].subnet_ids)[0]
|
||||
}
|
||||
)
|
||||
}
|
||||
|
@ -88,7 +88,7 @@ module "cluster" {
|
|||
master_global_access = true
|
||||
}
|
||||
node_config = {
|
||||
service_account = module.cluster-service-account.0.email
|
||||
service_account = module.cluster-service-account[0].email
|
||||
}
|
||||
labels = var.cluster_create.labels
|
||||
release_channel = var.cluster_create.options.release_channel
|
||||
|
|
|
@ -35,7 +35,7 @@ locals {
|
|||
}
|
||||
: {
|
||||
project_id = var.fleet_project_id
|
||||
number = module.fleet-project.0.number
|
||||
number = module.fleet-project[0].number
|
||||
}
|
||||
)
|
||||
proxy_only_subnet = (local.vpc_create && try(var.vpc_create.proxy_only_subnet, null) != null) ? [
|
||||
|
@ -88,7 +88,7 @@ module "project" {
|
|||
member = (
|
||||
var.fleet_project_id == null
|
||||
? "serviceAccount:${module.project.service_accounts.robots.gkehub}"
|
||||
: "serviceAccount:${module.fleet-project.0.service_accounts.robots.gkehub}"
|
||||
: "serviceAccount:${module.fleet-project[0].service_accounts.robots.gkehub}"
|
||||
)
|
||||
}
|
||||
},
|
||||
|
@ -142,7 +142,7 @@ module "fleet" {
|
|||
clusters = {
|
||||
(var.cluster_name) = (
|
||||
var.cluster_create != null
|
||||
? module.cluster.0.id
|
||||
? module.cluster[0].id
|
||||
: "projects/${var.project_id}/locations/${var.region}/clusters/${var.cluster_name}"
|
||||
)
|
||||
}
|
||||
|
|
|
@ -21,22 +21,22 @@ output "created_resources" {
|
|||
project = module.project.project_id
|
||||
},
|
||||
!local.vpc_create ? {} : {
|
||||
subnet_id = one(values(module.vpc.0.subnet_ids))
|
||||
vpc_id = module.vpc.0.id
|
||||
subnet_id = one(values(module.vpc[0].subnet_ids))
|
||||
vpc_id = module.vpc[0].id
|
||||
},
|
||||
!var.registry_create ? {} : {
|
||||
registry = module.registry.0.image_path
|
||||
registry = module.registry[0].image_path
|
||||
},
|
||||
!local.cluster_create ? {} : {
|
||||
cluster = module.cluster.0.id
|
||||
node_service_account = module.cluster-service-account.0.email
|
||||
cluster = module.cluster[0].id
|
||||
node_service_account = module.cluster-service-account[0].email
|
||||
},
|
||||
!local.create_nat ? {} : {
|
||||
router = module.nat.0.id
|
||||
cloud_nat = module.nat.0.router.id
|
||||
router = module.nat[0].id
|
||||
cloud_nat = module.nat[0].router.id
|
||||
},
|
||||
local.proxy_only_subnet == null ? {} : {
|
||||
proxy_only_subnet = one(values(module.vpc.0.subnets_proxy_only)).id
|
||||
proxy_only_subnet = one(values(module.vpc[0].subnets_proxy_only)).id
|
||||
},
|
||||
)
|
||||
}
|
||||
|
|
|
@ -32,5 +32,5 @@ provider "kubectl" {
|
|||
? null
|
||||
: var.credentials_config.fleet_host
|
||||
)
|
||||
token = try(data.google_client_config.identity.0.access_token, null)
|
||||
token = try(data.google_client_config.identity[0].access_token, null)
|
||||
}
|
||||
|
|
|
@ -32,7 +32,7 @@ data "google_client_config" "identity" {
|
|||
# ? null
|
||||
# : var.credentials_config.fleet_host
|
||||
# )
|
||||
# token = try(data.google_client_config.identity.0.access_token, null)
|
||||
# token = try(data.google_client_config.identity[0].access_token, null)
|
||||
# }
|
||||
|
||||
provider "kubectl" {
|
||||
|
@ -46,7 +46,7 @@ provider "kubectl" {
|
|||
? null
|
||||
: pathexpand(var.credentials_config.kubeconfig.path)
|
||||
)
|
||||
token = try(data.google_client_config.identity.0.access_token, null)
|
||||
token = try(data.google_client_config.identity[0].access_token, null)
|
||||
}
|
||||
|
||||
provider "helm" {
|
||||
|
@ -64,6 +64,6 @@ provider "helm" {
|
|||
? null
|
||||
: var.credentials_config.fleet_host
|
||||
)
|
||||
token = try(data.google_client_config.identity.0.access_token, null)
|
||||
token = try(data.google_client_config.identity[0].access_token, null)
|
||||
}
|
||||
}
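Review bot: The commented-out provider block at L2157–L2172 is dead code that this commit nonetheless edits to the `[0]` form on L2169 to satisfy the linter; maintaining a comment to keep a linter quiet is a sign it should either be deleted or, if it is a deliberate alternative configuration, prefaced with a one-line comment saying why it is disabled so nobody re-enables it blindly. Separately, the `try(data.google_client_config.identity[0].access_token, null)` pattern on L2196 and L2223 silently configures the provider with no token when the `identity` data source is not instantiated; if that data source is conditional (its definition at L2154 is cut by the hunk), a short comment explaining that the `null` fallback is intended (e.g. kubeconfig-based auth) would make the failure mode explicit.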
|
||||
|
|
|
@ -32,7 +32,7 @@ provider "kubernetes" {
|
|||
? null
|
||||
: var.credentials_config.fleet_host
|
||||
)
|
||||
token = try(data.google_client_config.identity.0.access_token, null)
|
||||
token = try(data.google_client_config.identity[0].access_token, null)
|
||||
}
|
||||
|
||||
provider "kubectl" {
|
||||
|
@ -46,7 +46,7 @@ provider "kubectl" {
|
|||
? null
|
||||
: pathexpand(var.credentials_config.kubeconfig.path)
|
||||
)
|
||||
token = try(data.google_client_config.identity.0.access_token, null)
|
||||
token = try(data.google_client_config.identity[0].access_token, null)
|
||||
}
|
||||
|
||||
provider "helm" {
|
||||
|
@ -64,6 +64,6 @@ provider "helm" {
|
|||
? null
|
||||
: var.credentials_config.fleet_host
|
||||
)
|
||||
token = try(data.google_client_config.identity.0.access_token, null)
|
||||
token = try(data.google_client_config.identity[0].access_token, null)
|
||||
}
|
||||
}
|
|
@ -36,7 +36,7 @@ resource "kubernetes_manifest" "default" {
|
|||
for_each = toset(local.wl_templates)
|
||||
manifest = yamldecode(templatefile(each.value, {
|
||||
image = var.image
|
||||
namespace = kubernetes_namespace.default.metadata.0.name
|
||||
namespace = kubernetes_namespace.default.metadata[0].name
|
||||
statefulset_config = var.statefulset_config
|
||||
}))
|
||||
dynamic "wait" {
|
||||
|
@ -55,7 +55,7 @@ resource "kubernetes_manifest" "default" {
|
|||
resource "kubernetes_manifest" "cluster-start" {
|
||||
manifest = yamldecode(templatefile("${local.wl_templates_path}/start-cluster.yaml", {
|
||||
image = var.image
|
||||
namespace = kubernetes_namespace.default.metadata.0.name
|
||||
namespace = kubernetes_namespace.default.metadata[0].name
|
||||
nodes = [
|
||||
for i in range(var.statefulset_config.replicas) :
|
||||
"redis-${i}.redis-cluster.${var.namespace}.svc.cluster.local"
|
||||
|
|
|
@ -32,5 +32,5 @@ provider "kubernetes" {
|
|||
? null
|
||||
: var.credentials_config.fleet_host
|
||||
)
|
||||
token = try(data.google_client_config.identity.0.access_token, null)
|
||||
token = try(data.google_client_config.identity[0].access_token, null)
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -80,8 +80,8 @@ module "project-svc-gke" {
|
|||
},
|
||||
var.cluster_create
|
||||
? {
|
||||
"roles/logging.logWriter" = [module.cluster-1-nodepool-1.0.service_account_iam_email]
|
||||
"roles/monitoring.metricWriter" = [module.cluster-1-nodepool-1.0.service_account_iam_email]
|
||||
"roles/logging.logWriter" = [module.cluster-1-nodepool-1[0].service_account_iam_email]
|
||||
"roles/monitoring.metricWriter" = [module.cluster-1-nodepool-1[0].service_account_iam_email]
|
||||
}
|
||||
: {}
|
||||
)
|
||||
|
@ -231,9 +231,9 @@ module "cluster-1-nodepool-1" {
|
|||
count = var.cluster_create ? 1 : 0
|
||||
name = "nodepool-1"
|
||||
project_id = module.project-svc-gke.project_id
|
||||
location = module.cluster-1.0.location
|
||||
cluster_name = module.cluster-1.0.name
|
||||
cluster_id = module.cluster-1.0.id
|
||||
location = module.cluster-1[0].location
|
||||
cluster_name = module.cluster-1[0].name
|
||||
cluster_id = module.cluster-1[0].id
|
||||
service_account = {
|
||||
create = true
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2023 Google LLC
|
||||
# Copyright 2024 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -16,7 +16,7 @@ output "gke_clusters" {
|
|||
description = "GKE clusters information."
|
||||
value = (
|
||||
var.cluster_create
|
||||
? { cluster-1 = module.cluster-1.0.endpoint }
|
||||
? { cluster-1 = module.cluster-1[0].endpoint }
|
||||
: {}
|
||||
)
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -112,7 +112,7 @@ module "bigip-vms" {
|
|||
internal = module.vm-addresses-dp.internal_addresses["${var.prefix}-${each.key}-dp"].address
|
||||
}
|
||||
alias_ips = {
|
||||
"${each.value.network_config.alias_ip_range_name}" = each.value.network_config.alias_ip_range_address
|
||||
(each.value.network_config.alias_ip_range_name) = each.value.network_config.alias_ip_range_address
|
||||
}
|
||||
},
|
||||
{
|
||||
|
|
|
@ -30,10 +30,10 @@ locals {
|
|||
saml = var.gitlab_config.saml
|
||||
hostname = var.gitlab_config.hostname
|
||||
})
|
||||
gitlab_ssl_crt = local.self_signed_ssl_certs_required ? tls_locally_signed_cert.gitlab_server_singed_cert.0.cert_pem : file("${path.module}/certs/${var.gitlab_config.hostname}.crt")
|
||||
gitlab_ssl_key = local.self_signed_ssl_certs_required ? tls_private_key.gitlab_server_key.0.private_key_pem : file("${path.module}/certs/${var.gitlab_config.hostname}.key")
|
||||
gitlab_ssl_ca_crt = local.self_signed_ssl_certs_required ? tls_self_signed_cert.gitlab_ca_cert.0.cert_pem : file("${path.module}/certs/${var.gitlab_config.hostname}.ca.crt")
|
||||
gitlab_ssl_ca_key = local.self_signed_ssl_certs_required ? tls_private_key.gitlab_ca_private_key.0.private_key_pem : ""
|
||||
gitlab_ssl_crt = local.self_signed_ssl_certs_required ? tls_locally_signed_cert.gitlab_server_singed_cert[0].cert_pem : file("${path.module}/certs/${var.gitlab_config.hostname}.crt")
|
||||
gitlab_ssl_key = local.self_signed_ssl_certs_required ? tls_private_key.gitlab_server_key[0].private_key_pem : file("${path.module}/certs/${var.gitlab_config.hostname}.key")
|
||||
gitlab_ssl_ca_crt = local.self_signed_ssl_certs_required ? tls_self_signed_cert.gitlab_ca_cert[0].cert_pem : file("${path.module}/certs/${var.gitlab_config.hostname}.ca.crt")
|
||||
gitlab_ssl_ca_key = local.self_signed_ssl_certs_required ? tls_private_key.gitlab_ca_private_key[0].private_key_pem : ""
|
||||
self_signed_ssl_certs_required = fileexists("${path.module}/certs/${var.gitlab_config.hostname}.crt") && fileexists("${path.module}/certs/${var.gitlab_config.hostname}.key") && fileexists("${path.module}/certs/${var.gitlab_config.hostname}.ca.crt") ? false : true
|
||||
gitlab_user_data = templatefile("${path.module}/assets/cloud-config.yaml", {
|
||||
gitlab_config = var.gitlab_config
|
||||
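Review bot: The rewritten `gitlab_ssl_key` and `gitlab_ssl_ca_key` locals hold private key material, and in their `file()` branch the value is not marked sensitive, so it can presumably surface in plan output wherever the local is rendered (the `tls_private_key` branch inherits the provider's sensitive marking on `private_key_pem`; the file branch does not). Wrapping the whole expression, e.g. `gitlab_ssl_key = sensitive(local.self_signed_ssl_certs_required ? tls_private_key.gitlab_server_key[0].private_key_pem : file("${path.module}/certs/${var.gitlab_config.hostname}.key"))`, keeps both branches redacted; the same applies to `gitlab_ssl_ca_key`. The enclosing locals block starts and ends outside this hunk.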
|
|
|
@ -41,7 +41,7 @@ resource "tls_private_key" "gitlab_ca_private_key" {
|
|||
|
||||
resource "tls_self_signed_cert" "gitlab_ca_cert" {
|
||||
count = local.self_signed_ssl_certs_required ? 1 : 0
|
||||
private_key_pem = tls_private_key.gitlab_ca_private_key.0.private_key_pem
|
||||
private_key_pem = tls_private_key.gitlab_ca_private_key[0].private_key_pem
|
||||
is_ca_certificate = true
|
||||
dynamic "subject" {
|
||||
for_each = toset(local.cert_subjects)
|
||||
|
@ -74,7 +74,7 @@ resource "tls_private_key" "gitlab_server_key" {
|
|||
# Create CSR for Gitlab Server certificate
|
||||
resource "tls_cert_request" "gitlab_server_csr" {
|
||||
count = local.self_signed_ssl_certs_required ? 1 : 0
|
||||
private_key_pem = tls_private_key.gitlab_server_key.0.private_key_pem
|
||||
private_key_pem = tls_private_key.gitlab_server_key[0].private_key_pem
|
||||
dns_names = [var.gitlab_config.hostname]
|
||||
|
||||
dynamic "subject" {
|
||||
|
@ -92,9 +92,9 @@ resource "tls_cert_request" "gitlab_server_csr" {
|
|||
|
||||
resource "tls_locally_signed_cert" "gitlab_server_singed_cert" {
|
||||
count = local.self_signed_ssl_certs_required ? 1 : 0
|
||||
cert_request_pem = tls_cert_request.gitlab_server_csr.0.cert_request_pem
|
||||
ca_private_key_pem = tls_private_key.gitlab_ca_private_key.0.private_key_pem
|
||||
ca_cert_pem = tls_self_signed_cert.gitlab_ca_cert.0.cert_pem
|
||||
cert_request_pem = tls_cert_request.gitlab_server_csr[0].cert_request_pem
|
||||
ca_private_key_pem = tls_private_key.gitlab_ca_private_key[0].private_key_pem
|
||||
ca_cert_pem = tls_self_signed_cert.gitlab_ca_cert[0].cert_pem
|
||||
|
||||
validity_period_hours = 43800
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@ resource "google_storage_bucket_object" "bootstrap-ignition" {
|
|||
data "google_storage_object_signed_url" "bootstrap-ignition" {
|
||||
count = local.bootstrapping ? 1 : 0
|
||||
bucket = google_storage_bucket.bootstrap-ignition.name
|
||||
path = google_storage_bucket_object.bootstrap-ignition.0.name
|
||||
path = google_storage_bucket_object.bootstrap-ignition[0].name
|
||||
credentials = file(local.fs_paths.credentials)
|
||||
}
|
||||
|
||||
|
@ -67,7 +67,7 @@ resource "google_compute_instance" "bootstrap" {
|
|||
ignition = {
|
||||
config = {
|
||||
replace = !local.bootstrapping ? {} : {
|
||||
source = data.google_storage_object_signed_url.bootstrap-ignition.0.signed_url
|
||||
source = data.google_storage_object_signed_url.bootstrap-ignition[0].signed_url
|
||||
}
|
||||
}
|
||||
version = "3.1.0"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -20,7 +20,7 @@ locals {
|
|||
disk_encryption_key = (
|
||||
var.disk_encryption_key == null
|
||||
? null
|
||||
: data.google_kms_crypto_key.default.0.id
|
||||
: data.google_kms_crypto_key.default[0].id
|
||||
)
|
||||
fs_paths = { for k, v in var.fs_paths : k => pathexpand(v) }
|
||||
infra_id = local.install_metadata["infraID"]
|
||||
|
@ -56,6 +56,6 @@ data "google_kms_key_ring" "default" {
|
|||
|
||||
data "google_kms_crypto_key" "default" {
|
||||
count = var.disk_encryption_key == null ? 0 : 1
|
||||
key_ring = data.google_kms_key_ring.default.0.self_link
|
||||
key_ring = data.google_kms_key_ring.default[0].self_link
|
||||
name = var.disk_encryption_key.name
|
||||
}
|
||||
|
|
|
@ -27,9 +27,9 @@ END
|
|||
output "bootstrap-ssh" {
|
||||
description = "Command to SSH to the bootstrap instance."
|
||||
value = !local.bootstrapping ? null : <<END
|
||||
gcloud compute ssh core@${google_compute_instance.bootstrap.0.name} \
|
||||
--project ${google_compute_instance.bootstrap.0.project} \
|
||||
--zone ${google_compute_instance.bootstrap.0.zone} \
|
||||
gcloud compute ssh core@${google_compute_instance.bootstrap[0].name} \
|
||||
--project ${google_compute_instance.bootstrap[0].project} \
|
||||
--zone ${google_compute_instance.bootstrap[0].zone} \
|
||||
--ssh-key-file ${replace(var.fs_paths.ssh_key, ".pub", "")}
|
||||
END
|
||||
}
|
||||
|
|
|
@ -34,7 +34,7 @@ module "cloudsql" {
|
|||
region = var.region
|
||||
tier = local.cloudsql_conf.tier
|
||||
users = {
|
||||
"${local.cloudsql_conf.user}" = {
|
||||
(local.cloudsql_conf.user) = {
|
||||
password = var.cloudsql_password
|
||||
type = "BUILT_IN"
|
||||
}
|
||||
|
|
|
@ -34,7 +34,7 @@ module "glb-redirect" {
|
|||
count = local.glb_create ? 1 : 0
|
||||
project_id = module.project.project_id
|
||||
name = "phpipam-glb-redirect"
|
||||
address = module.addresses.0.global_addresses["phpipam"].address
|
||||
address = module.addresses[0].global_addresses["phpipam"].address
|
||||
health_check_configs = {}
|
||||
urlmap_config = {
|
||||
description = "URL redirect for phpipam glb."
|
||||
|
@ -51,7 +51,7 @@ module "glb" {
|
|||
count = local.glb_create ? 1 : 0
|
||||
project_id = module.project.project_id
|
||||
name = "phpipam-glb"
|
||||
address = module.addresses.0.global_addresses["phpipam"].address
|
||||
address = module.addresses[0].global_addresses["phpipam"].address
|
||||
protocol = "HTTPS"
|
||||
|
||||
backend_service_configs = {
|
||||
|
|
|
@ -29,7 +29,7 @@ locals {
|
|||
domain = (
|
||||
var.custom_domain != null ? var.custom_domain : (
|
||||
var.phpipam_exposure == "EXTERNAL" ?
|
||||
"${module.addresses.0.global_addresses["phpipam"].address}.nip.io" : "phpipam.internal")
|
||||
"${module.addresses[0].global_addresses["phpipam"].address}.nip.io" : "phpipam.internal")
|
||||
)
|
||||
iam = {
|
||||
# CloudSQL
|
||||
|
@ -41,9 +41,9 @@ locals {
|
|||
"roles/iam.serviceAccountUser" = var.admin_principals
|
||||
"roles/iam.serviceAccountTokenCreator" = var.admin_principals
|
||||
}
|
||||
network = var.vpc_config == null ? module.vpc.0.self_link : var.vpc_config.network
|
||||
network = var.vpc_config == null ? module.vpc[0].self_link : var.vpc_config.network
|
||||
phpipam_password = var.phpipam_password == null ? random_password.phpipam_password.result : var.phpipam_password
|
||||
subnetwork = var.vpc_config == null ? module.vpc.0.subnet_self_links["${var.region}/ilb"] : var.vpc_config.subnetwork
|
||||
subnetwork = var.vpc_config == null ? module.vpc[0].subnet_self_links["${var.region}/ilb"] : var.vpc_config.subnetwork
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ output "cloudsql_password" {
|
|||
|
||||
output "phpipam_ip_address" {
|
||||
description = "PHPIPAM IP Address either external or internal according to app exposure."
|
||||
value = local.glb_create ? module.addresses.0.global_addresses["phpipam"].address : module.ilb-l7.0.address
|
||||
value = local.glb_create ? module.addresses[0].global_addresses["phpipam"].address : module.ilb-l7[0].address
|
||||
}
|
||||
|
||||
output "phpipam_password" {
|
||||
|
|
|
@ -67,7 +67,7 @@ module "cloudsql" {
|
|||
tier = local.cloudsql_conf.tier
|
||||
databases = [local.cloudsql_conf.db]
|
||||
users = {
|
||||
"${local.cloudsql_conf.user}" = {
|
||||
(local.cloudsql_conf.user) = {
|
||||
password = var.cloudsql_password
|
||||
}
|
||||
}
|
||||
|
|
|
@ -30,7 +30,7 @@ locals {
|
|||
"roles/iam.serviceAccountUser",
|
||||
"roles/iam.serviceAccountTokenCreator"
|
||||
]
|
||||
connector = var.connector == null ? google_vpc_access_connector.connector.0.self_link : var.connector
|
||||
connector = var.connector == null ? google_vpc_access_connector.connector[0].self_link : var.connector
|
||||
wp_user = "user"
|
||||
wp_pass = var.wordpress_password == null ? random_password.wp_password.result : var.wordpress_password
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -140,7 +140,7 @@ resource "github_actions_secret" "default" {
|
|||
plaintext_value = (
|
||||
try(var.modules_config.key_config.keypair_path, null) == null
|
||||
? tls_private_key.default.private_key_openssh
|
||||
: file(pathexpand("${var.modules_config.key_config.keypair_path}"))
|
||||
: file(pathexpand(var.modules_config.key_config.keypair_path))
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -18,8 +18,8 @@
|
|||
|
||||
locals {
|
||||
plugin_sc_tfvars = {
|
||||
dev = google_vpc_access_connector.dev-primary.0.id
|
||||
prod = google_vpc_access_connector.prod-primary.0.id
|
||||
dev = google_vpc_access_connector.dev-primary[0].id
|
||||
prod = google_vpc_access_connector.prod-primary[0].id
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ resource "google_iam_workload_identity_pool_provider" "default" {
|
|||
for_each = local.identity_providers
|
||||
project = module.automation-project.project_id
|
||||
workload_identity_pool_id = (
|
||||
google_iam_workload_identity_pool.default.0.workload_identity_pool_id
|
||||
google_iam_workload_identity_pool.default[0].workload_identity_pool_id
|
||||
)
|
||||
workload_identity_pool_provider_id = "${var.prefix}-bootstrap-${each.key}"
|
||||
attribute_condition = each.value.attribute_condition
|
||||
|
|
|
@ -19,9 +19,9 @@
|
|||
locals {
|
||||
log_sink_destinations = merge(
|
||||
# use the same dataset for all sinks with `bigquery` as destination
|
||||
{ for k, v in var.log_sinks : k => module.log-export-dataset.0 if v.type == "bigquery" },
|
||||
{ for k, v in var.log_sinks : k => module.log-export-dataset[0] if v.type == "bigquery" },
|
||||
# use the same gcs bucket for all sinks with `storage` as destination
|
||||
{ for k, v in var.log_sinks : k => module.log-export-gcs.0 if v.type == "storage" },
|
||||
{ for k, v in var.log_sinks : k => module.log-export-gcs[0] if v.type == "storage" },
|
||||
# use separate pubsub topics and logging buckets for sinks with
|
||||
# destination `pubsub` and `logging`
|
||||
module.log-export-pubsub,
|
||||
|
|
|
@ -42,7 +42,7 @@ locals {
|
|||
}
|
||||
resman_sa = (
|
||||
var.test_principal == null
|
||||
? data.google_client_openid_userinfo.resman-sa.0.email
|
||||
? data.google_client_openid_userinfo.resman-sa[0].email
|
||||
: var.test_principal
|
||||
)
|
||||
}
|
||||
|
|
|
@ -69,7 +69,7 @@ locals {
|
|||
project_id = module.automation-project.project_id
|
||||
project_number = module.automation-project.number
|
||||
federated_identity_pools = compact([
|
||||
try(google_iam_workload_identity_pool.default.0.name, null),
|
||||
try(google_iam_workload_identity_pool.default[0].name, null),
|
||||
var.automation.federated_identity_pool,
|
||||
])
|
||||
federated_identity_providers = local.cicd_providers
|
||||
|
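Review bot: The `try(google_iam_workload_identity_pool.default[0].name, null)` line in federated_identity_pools masks every evaluation error, not only the absent zero-count instance, so a mistyped attribute silently becomes null; `one(google_iam_workload_identity_pool.default[*].name)` expresses the optional single instance directly and still fails on real mistakes. The same rewrite applies to the other `try(...[0]..., null)` lines this commit touches: the `output "federated_identity"` hunk that follows, the `try(module.branch-*-sa-cicd[0].iam_email, ...)` lines in the branch-*-sa and cicd-repo hunks, and the cicd_workflow_attrs and folder_ids hunks. The enclosing locals block begins outside this hunk.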
@ -116,7 +116,7 @@ output "federated_identity" {
|
|||
description = "Workload Identity Federation pool and providers."
|
||||
value = {
|
||||
pool = try(
|
||||
google_iam_workload_identity_pool.default.0.name, null
|
||||
google_iam_workload_identity_pool.default[0].name, null
|
||||
)
|
||||
providers = local.cicd_providers
|
||||
}
|
||||
|
|
|
@ -29,7 +29,7 @@ module "branch-dp-folder" {
|
|||
module "branch-dp-dev-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
parent = module.branch-dp-folder.0.id
|
||||
parent = module.branch-dp-folder[0].id
|
||||
name = "Development"
|
||||
iam = {
|
||||
(local.custom_roles.service_project_network_admin) = [
|
||||
|
@ -49,7 +49,7 @@ module "branch-dp-dev-folder" {
|
|||
module "branch-dp-prod-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
parent = module.branch-dp-folder.0.id
|
||||
parent = module.branch-dp-folder[0].id
|
||||
name = "Production"
|
||||
iam = {
|
||||
(local.custom_roles.service_project_network_admin) = [
|
||||
|
@ -77,7 +77,7 @@ module "branch-dp-dev-sa" {
|
|||
service_account_create = var.test_skip_data_sources
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-dp-dev-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-dp-dev-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_storage_roles = {
|
||||
|
@ -94,7 +94,7 @@ module "branch-dp-prod-sa" {
|
|||
service_account_create = var.test_skip_data_sources
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-dp-prod-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-dp-prod-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_storage_roles = {
|
||||
|
|
|
@ -29,7 +29,7 @@ module "branch-gke-folder" {
|
|||
module "branch-gke-dev-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.gke ? 1 : 0
|
||||
parent = module.branch-gke-folder.0.id
|
||||
parent = module.branch-gke-folder[0].id
|
||||
name = "Development"
|
||||
iam = {
|
||||
"roles/owner" = [local.automation_sas_iam.gke-dev]
|
||||
|
@ -46,7 +46,7 @@ module "branch-gke-dev-folder" {
|
|||
module "branch-gke-prod-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.gke ? 1 : 0
|
||||
parent = module.branch-gke-folder.0.id
|
||||
parent = module.branch-gke-folder[0].id
|
||||
name = "Production"
|
||||
iam = {
|
||||
"roles/owner" = [local.automation_sas_iam.gke-prod]
|
||||
|
@ -75,7 +75,7 @@ module "branch-gke-dev-sa" {
|
|||
: [local.principals.gcp-devops]
|
||||
),
|
||||
compact([
|
||||
try(module.branch-gke-dev-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gke-dev-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
)
|
||||
}
|
||||
|
@ -99,7 +99,7 @@ module "branch-gke-prod-sa" {
|
|||
: [local.principals.gcp-devops]
|
||||
),
|
||||
compact([
|
||||
try(module.branch-gke-prod-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gke-prod-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
)
|
||||
}
|
||||
|
|
|
@ -85,7 +85,7 @@ module "branch-network-sa" {
|
|||
service_account_create = var.test_skip_data_sources
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-network-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-network-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_storage_roles = {
|
||||
|
|
|
@ -25,7 +25,7 @@ module "branch-pf-dev-sa" {
|
|||
service_account_create = var.test_skip_data_sources
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-pf-dev-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-pf-dev-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_storage_roles = {
|
||||
|
@ -42,7 +42,7 @@ module "branch-pf-prod-sa" {
|
|||
service_account_create = var.test_skip_data_sources
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-pf-prod-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-pf-prod-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_storage_roles = {
|
||||
|
|
|
@ -54,7 +54,7 @@ module "branch-security-sa" {
|
|||
service_account_create = var.test_skip_data_sources
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-security-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-security-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_storage_roles = {
|
||||
|
|
|
@ -59,7 +59,7 @@ module "branch-teams-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-teams-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-teams-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -68,7 +68,7 @@ module "branch-teams-gcs" {
|
|||
module "branch-teams-team-folder" {
|
||||
source = "../../../modules/folder"
|
||||
for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {}
|
||||
parent = module.branch-teams-folder.0.id
|
||||
parent = module.branch-teams-folder[0].id
|
||||
name = each.value.descriptive_name
|
||||
iam = {
|
||||
"roles/logging.admin" = [module.branch-teams-team-sa[each.key].iam_email]
|
||||
|
|
|
@ -30,7 +30,7 @@ module "branch-dp-dev-cicd-repo" {
|
|||
iam = {
|
||||
"roles/source.admin" = local.branch_optional_sa_lists.dp-dev
|
||||
"roles/source.reader" = compact([
|
||||
try(module.branch-dp-dev-sa-cicd.0.iam_email, "")
|
||||
try(module.branch-dp-dev-sa-cicd[0].iam_email, "")
|
||||
])
|
||||
}
|
||||
triggers = {
|
||||
|
@ -39,7 +39,7 @@ module "branch-dp-dev-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-dp-dev-sa-cicd.0.id
|
||||
service_account = module.branch-dp-dev-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
@ -63,7 +63,7 @@ module "branch-dp-prod-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = local.branch_optional_sa_lists.dp-prod
|
||||
"roles/source.reader" = [module.branch-dp-prod-sa-cicd.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-dp-prod-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-dp-prod = {
|
||||
|
@ -71,7 +71,7 @@ module "branch-dp-prod-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-dp-prod-sa-cicd.0.id
|
||||
service_account = module.branch-dp-prod-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -29,10 +29,10 @@ module "branch-gke-dev-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = compact([
|
||||
try(module.branch-gke-dev-sa.0.iam_email, "")
|
||||
try(module.branch-gke-dev-sa[0].iam_email, "")
|
||||
])
|
||||
"roles/source.reader" = compact([
|
||||
try(module.branch-gke-dev-sa-cicd.0.iam_email, "")
|
||||
try(module.branch-gke-dev-sa-cicd[0].iam_email, "")
|
||||
])
|
||||
}
|
||||
triggers = {
|
||||
|
@ -41,7 +41,7 @@ module "branch-gke-dev-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-gke-dev-sa-cicd.0.id
|
||||
service_account = module.branch-gke-dev-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
@ -64,8 +64,8 @@ module "branch-gke-prod-cicd-repo" {
|
|||
project_id = var.automation.project_id
|
||||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-gke-prod-sa-cicd.0.iam_email]
|
||||
"roles/source.admin" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
"roles/source.reader" = [module.branch-gke-prod-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-gke-prod = {
|
||||
|
@ -73,7 +73,7 @@ module "branch-gke-prod-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-gke-prod-sa-cicd.0.id
|
||||
service_account = module.branch-gke-prod-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -29,13 +29,13 @@ module "branch-network-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-network-sa.iam_email]
|
||||
"roles/source.reader" = [module.branch-network-sa-cicd.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-network-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-02-networking = {
|
||||
filename = ".cloudbuild/workflow.yaml"
|
||||
included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
|
||||
service_account = module.branch-network-sa-cicd.0.id
|
||||
service_account = module.branch-network-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -34,7 +34,7 @@ module "branch-pf-dev-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = local.branch_optional_sa_lists.pf-dev
|
||||
"roles/source.reader" = [module.branch-pf-dev-sa-cicd.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-pf-dev-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-pf-dev = {
|
||||
|
@ -42,7 +42,7 @@ module "branch-pf-dev-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-pf-dev-sa-cicd.0.id
|
||||
service_account = module.branch-pf-dev-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
@ -71,7 +71,7 @@ module "branch-pf-prod-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = local.branch_optional_sa_lists.pf-prod
|
||||
"roles/source.reader" = [module.branch-pf-prod-sa-cicd.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-pf-prod-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-pf-prod = {
|
||||
|
@ -79,7 +79,7 @@ module "branch-pf-prod-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-pf-prod-sa-cicd.0.id
|
||||
service_account = module.branch-pf-prod-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -29,13 +29,13 @@ module "branch-security-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-security-sa.iam_email]
|
||||
"roles/source.reader" = [module.branch-security-sa-cicd.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-security-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-02-security = {
|
||||
filename = ".cloudbuild/workflow.yaml"
|
||||
included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
|
||||
service_account = module.branch-security-sa-cicd.0.id
|
||||
service_account = module.branch-security-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -18,42 +18,42 @@ locals {
|
|||
_tpl_providers = "${path.module}/templates/providers.tf.tpl"
|
||||
cicd_workflow_attrs = {
|
||||
data_platform_dev = {
|
||||
service_account = try(module.branch-dp-dev-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-dp-dev-sa-cicd[0].email, null)
|
||||
tf_providers_file = "3-data-platform-dev-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_3
|
||||
}
|
||||
data_platform_prod = {
|
||||
service_account = try(module.branch-dp-prod-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-dp-prod-sa-cicd[0].email, null)
|
||||
tf_providers_file = "3-data-platform-prod-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_3
|
||||
}
|
||||
gke_dev = {
|
||||
service_account = try(module.branch-gke-dev-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-gke-dev-sa-cicd[0].email, null)
|
||||
tf_providers_file = "3-gke-dev-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_3
|
||||
}
|
||||
gke_prod = {
|
||||
service_account = try(module.branch-gke-prod-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-gke-prod-sa-cicd[0].email, null)
|
||||
tf_providers_file = "3-gke-prod-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_3
|
||||
}
|
||||
networking = {
|
||||
service_account = try(module.branch-network-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-network-sa-cicd[0].email, null)
|
||||
tf_providers_file = "2-networking-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_2
|
||||
}
|
||||
project_factory_dev = {
|
||||
service_account = try(module.branch-pf-dev-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-pf-dev-sa-cicd[0].email, null)
|
||||
tf_providers_file = "3-project-factory-dev-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_3
|
||||
}
|
||||
project_factory_prod = {
|
||||
service_account = try(module.branch-pf-prod-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-pf-prod-sa-cicd[0].email, null)
|
||||
tf_providers_file = "3-project-factory-prod-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_3
|
||||
}
|
||||
security = {
|
||||
service_account = try(module.branch-security-sa-cicd.0.email, null)
|
||||
service_account = try(module.branch-security-sa-cicd[0].email, null)
|
||||
tf_providers_file = "2-security-providers.tf"
|
||||
tf_var_files = local.cicd_workflow_var_files.stage_2
|
||||
}
|
||||
|
@ -75,16 +75,16 @@ locals {
|
|||
}
|
||||
folder_ids = merge(
|
||||
{
|
||||
data-platform-dev = try(module.branch-dp-dev-folder.0.id, null)
|
||||
data-platform-prod = try(module.branch-dp-prod-folder.0.id, null)
|
||||
gke-dev = try(module.branch-gke-dev-folder.0.id, null)
|
||||
gke-prod = try(module.branch-gke-prod-folder.0.id, null)
|
||||
data-platform-dev = try(module.branch-dp-dev-folder[0].id, null)
|
||||
data-platform-prod = try(module.branch-dp-prod-folder[0].id, null)
|
||||
gke-dev = try(module.branch-gke-dev-folder[0].id, null)
|
||||
gke-prod = try(module.branch-gke-prod-folder[0].id, null)
|
||||
networking = module.branch-network-folder.id
|
||||
networking-dev = module.branch-network-dev-folder.id
|
||||
networking-prod = module.branch-network-prod-folder.id
|
||||
sandbox = try(module.branch-sandbox-folder.0.id, null)
|
||||
sandbox = try(module.branch-sandbox-folder[0].id, null)
|
||||
security = module.branch-security-folder.id
|
||||
teams = try(module.branch-teams-folder.0.id, null)
|
||||
teams = try(module.branch-teams-folder[0].id, null)
|
||||
},
|
||||
{
|
||||
for k, v in module.branch-teams-team-folder :
|
||||
|
@ -117,41 +117,41 @@ locals {
|
|||
!var.fast_features.data_platform ? {} : {
|
||||
"3-data-platform-dev" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-dp-dev-gcs.0.name
|
||||
bucket = module.branch-dp-dev-gcs[0].name
|
||||
name = "dp-dev"
|
||||
sa = module.branch-dp-dev-sa.0.email
|
||||
sa = module.branch-dp-dev-sa[0].email
|
||||
})
|
||||
"3-data-platform-prod" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-dp-prod-gcs.0.name
|
||||
bucket = module.branch-dp-prod-gcs[0].name
|
||||
name = "dp-prod"
|
||||
sa = module.branch-dp-prod-sa.0.email
|
||||
sa = module.branch-dp-prod-sa[0].email
|
||||
})
|
||||
},
|
||||
!var.fast_features.gke ? {} : {
|
||||
"3-gke-dev" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gke-dev-gcs.0.name
|
||||
bucket = module.branch-gke-dev-gcs[0].name
|
||||
name = "gke-dev"
|
||||
sa = module.branch-gke-dev-sa.0.email
|
||||
sa = module.branch-gke-dev-sa[0].email
|
||||
})
|
||||
"3-gke-prod" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gke-prod-gcs.0.name
|
||||
bucket = module.branch-gke-prod-gcs[0].name
|
||||
name = "gke-prod"
|
||||
sa = module.branch-gke-prod-sa.0.email
|
||||
sa = module.branch-gke-prod-sa[0].email
|
||||
})
|
||||
},
|
||||
!var.fast_features.project_factory ? {} : {
|
||||
"3-project-factory-dev" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-pf-dev-gcs.0.name
|
||||
bucket = module.branch-pf-dev-gcs[0].name
|
||||
name = "team-dev"
|
||||
sa = var.automation.service_accounts.pf-dev
|
||||
})
|
||||
"3-project-factory-prod" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-pf-prod-gcs.0.name
|
||||
bucket = module.branch-pf-prod-gcs[0].name
|
||||
name = "team-prod"
|
||||
sa = var.automation.service_accounts.pf-prod
|
||||
})
|
||||
|
@ -159,7 +159,7 @@ locals {
|
|||
!var.fast_features.sandbox ? {} : {
|
||||
"9-sandbox" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-sandbox-gcs.0.name
|
||||
bucket = module.branch-sandbox-gcs[0].name
|
||||
name = "sandbox"
|
||||
sa = var.automation.service_accounts.sandbox
|
||||
})
|
||||
|
@ -168,9 +168,9 @@ locals {
|
|||
{
|
||||
"3-teams" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-teams-gcs.0.name
|
||||
bucket = module.branch-teams-gcs[0].name
|
||||
name = "teams"
|
||||
sa = module.branch-teams-sa.0.email
|
||||
sa = module.branch-teams-sa[0].email
|
||||
})
|
||||
},
|
||||
{
|
||||
|
@ -207,14 +207,14 @@ output "dataplatform" {
|
|||
description = "Data for the Data Platform stage."
|
||||
value = !var.fast_features.data_platform ? {} : {
|
||||
dev = {
|
||||
folder = module.branch-dp-dev-folder.0.id
|
||||
gcs_bucket = module.branch-dp-dev-gcs.0.name
|
||||
service_account = module.branch-dp-dev-sa.0.email
|
||||
folder = module.branch-dp-dev-folder[0].id
|
||||
gcs_bucket = module.branch-dp-dev-gcs[0].name
|
||||
service_account = module.branch-dp-dev-sa[0].email
|
||||
}
|
||||
prod = {
|
||||
folder = module.branch-dp-prod-folder.0.id
|
||||
gcs_bucket = module.branch-dp-prod-gcs.0.name
|
||||
service_account = module.branch-dp-prod-sa.0.email
|
||||
folder = module.branch-dp-prod-folder[0].id
|
||||
gcs_bucket = module.branch-dp-prod-gcs[0].name
|
||||
service_account = module.branch-dp-prod-sa[0].email
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -226,14 +226,14 @@ output "gke_multitenant" {
|
|||
var.fast_features.gke
|
||||
? {
|
||||
"dev" = {
|
||||
folder = module.branch-gke-dev-folder.0.id
|
||||
gcs_bucket = module.branch-gke-dev-gcs.0.name
|
||||
service_account = module.branch-gke-dev-sa.0.email
|
||||
folder = module.branch-gke-dev-folder[0].id
|
||||
gcs_bucket = module.branch-gke-dev-gcs[0].name
|
||||
service_account = module.branch-gke-dev-sa[0].email
|
||||
}
|
||||
"prod" = {
|
||||
folder = module.branch-gke-prod-folder.0.id
|
||||
gcs_bucket = module.branch-gke-prod-gcs.0.name
|
||||
service_account = module.branch-gke-prod-sa.0.email
|
||||
folder = module.branch-gke-prod-folder[0].id
|
||||
gcs_bucket = module.branch-gke-prod-gcs[0].name
|
||||
service_account = module.branch-gke-prod-sa[0].email
|
||||
}
|
||||
}
|
||||
: {}
|
||||
|
@ -253,11 +253,11 @@ output "project_factories" {
|
|||
description = "Data for the project factories stage."
|
||||
value = !var.fast_features.project_factory ? {} : {
|
||||
dev = {
|
||||
bucket = module.branch-pf-dev-gcs.0.name
|
||||
bucket = module.branch-pf-dev-gcs[0].name
|
||||
sa = var.automation.service_accounts.pf-dev
|
||||
}
|
||||
prod = {
|
||||
bucket = module.branch-pf-prod-gcs.0.name
|
||||
bucket = module.branch-pf-prod-gcs[0].name
|
||||
sa = var.automation.service_accounts.pf-prod
|
||||
}
|
||||
}
|
||||
|
@ -277,8 +277,8 @@ output "sandbox" {
|
|||
value = (
|
||||
var.fast_features.sandbox
|
||||
? {
|
||||
folder = module.branch-sandbox-folder.0.id
|
||||
gcs_bucket = module.branch-sandbox-gcs.0.name
|
||||
folder = module.branch-sandbox-folder[0].id
|
||||
gcs_bucket = module.branch-sandbox-gcs[0].name
|
||||
service_account = var.automation.service_accounts.sandbox
|
||||
}
|
||||
: null
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -68,7 +68,7 @@ module "billing-export-project" {
|
|||
module "billing-export-dataset" {
|
||||
source = "../../../modules/bigquery-dataset"
|
||||
count = local.billing_mode == "org" ? 1 : 0
|
||||
project_id = module.billing-export-project.0.project_id
|
||||
project_id = module.billing-export-project[0].project_id
|
||||
id = "billing_export"
|
||||
friendly_name = "Billing export."
|
||||
location = local.locations.bq
|
||||
|
|
|
@ -141,14 +141,14 @@ module "automation-tf-checklist-gcs" {
|
|||
|
||||
resource "google_storage_bucket_object" "checklist_data" {
|
||||
count = var.factories_config.checklist_data != null ? 1 : 0
|
||||
bucket = module.automation-tf-checklist-gcs.0.name
|
||||
bucket = module.automation-tf-checklist-gcs[0].name
|
||||
name = "checklist/data.tfvars.json"
|
||||
source = var.factories_config.checklist_data
|
||||
}
|
||||
|
||||
resource "google_storage_bucket_object" "checklist_org_iam" {
|
||||
count = var.factories_config.checklist_org_iam != null ? 1 : 0
|
||||
bucket = module.automation-tf-checklist-gcs.0.name
|
||||
bucket = module.automation-tf-checklist-gcs[0].name
|
||||
name = "checklist/org-iam.tfvars.json"
|
||||
source = var.factories_config.checklist_org_iam
|
||||
}
|
||||
|
|
|
@ -122,12 +122,12 @@ module "automation-tf-cicd-sa" {
|
|||
each.value.branch == null
|
||||
? format(
|
||||
local.workload_identity_providers_defs[each.value.type].principal_repo,
|
||||
google_iam_workload_identity_pool.default.0.name,
|
||||
google_iam_workload_identity_pool.default[0].name,
|
||||
each.value.name
|
||||
)
|
||||
: format(
|
||||
local.workload_identity_providers_defs[each.value.type].principal_branch,
|
||||
google_iam_workload_identity_pool.default.0.name,
|
||||
google_iam_workload_identity_pool.default[0].name,
|
||||
each.value.name,
|
||||
each.value.branch
|
||||
)
|
||||
|
@ -158,7 +158,7 @@ module "automation-tf-cicd-r-sa" {
|
|||
"roles/iam.workloadIdentityUser" = [
|
||||
format(
|
||||
local.workload_identity_providers_defs[each.value.type].principal_repo,
|
||||
google_iam_workload_identity_pool.default.0.name,
|
||||
google_iam_workload_identity_pool.default[0].name,
|
||||
each.value.name
|
||||
)
|
||||
]
|
||||
|
|
|
@ -96,9 +96,9 @@ resource "google_iam_workforce_pool_provider" "default" {
|
|||
description = each.value.description
|
||||
disabled = each.value.disabled
|
||||
display_name = each.value.display_name
|
||||
location = google_iam_workforce_pool.default.0.location
|
||||
location = google_iam_workforce_pool.default[0].location
|
||||
provider_id = "${var.prefix}-bootstrap-${each.key}"
|
||||
workforce_pool_id = google_iam_workforce_pool.default.0.workforce_pool_id
|
||||
workforce_pool_id = google_iam_workforce_pool.default[0].workforce_pool_id
|
||||
saml {
|
||||
idp_metadata_xml = each.value.saml.idp_metadata_xml
|
||||
}
|
||||
|
@ -116,7 +116,7 @@ resource "google_iam_workload_identity_pool_provider" "default" {
|
|||
for_each = local.workload_identity_providers
|
||||
project = module.automation-project.project_id
|
||||
workload_identity_pool_id = (
|
||||
google_iam_workload_identity_pool.default.0.workload_identity_pool_id
|
||||
google_iam_workload_identity_pool.default[0].workload_identity_pool_id
|
||||
)
|
||||
workload_identity_pool_provider_id = "${var.prefix}-bootstrap-${each.key}"
|
||||
attribute_condition = each.value.attribute_condition
|
||||
|
|
|
@ -21,12 +21,12 @@ locals {
|
|||
# use the same dataset for all sinks with `bigquery` as destination
|
||||
{
|
||||
for k, v in var.log_sinks :
|
||||
k => module.log-export-dataset.0 if v.type == "bigquery"
|
||||
k => module.log-export-dataset[0] if v.type == "bigquery"
|
||||
},
|
||||
# use the same gcs bucket for all sinks with `storage` as destination
|
||||
{
|
||||
for k, v in var.log_sinks :
|
||||
k => module.log-export-gcs.0 if v.type == "storage"
|
||||
k => module.log-export-gcs[0] if v.type == "storage"
|
||||
},
|
||||
# use separate pubsub topics and logging buckets for sinks with
|
||||
# destination `pubsub` and `logging`
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -81,7 +81,7 @@ locals {
|
|||
tfvars = {
|
||||
automation = {
|
||||
federated_identity_pool = try(
|
||||
google_iam_workload_identity_pool.default.0.name, null
|
||||
google_iam_workload_identity_pool.default[0].name, null
|
||||
)
|
||||
federated_identity_providers = local.cicd_providers
|
||||
outputs_bucket = module.automation-tf-output-gcs.name
|
||||
|
@ -128,7 +128,7 @@ output "automation" {
|
|||
|
||||
output "billing_dataset" {
|
||||
description = "BigQuery dataset prepared for billing export."
|
||||
value = try(module.billing-export-dataset.0.id, null)
|
||||
value = try(module.billing-export-dataset[0].id, null)
|
||||
}
|
||||
|
||||
output "cicd_repositories" {
|
||||
|
@ -157,7 +157,7 @@ output "project_ids" {
|
|||
description = "Projects created by this stage."
|
||||
value = {
|
||||
automation = module.automation-project.project_id
|
||||
billing-export = try(module.billing-export-project.0.project_id, null)
|
||||
billing-export = try(module.billing-export-project[0].project_id, null)
|
||||
log-export = module.log-export-project.project_id
|
||||
}
|
||||
}
|
||||
|
@ -198,7 +198,7 @@ output "workforce_identity_pool" {
|
|||
description = "Workforce Identity Federation pool."
|
||||
value = {
|
||||
pool = try(
|
||||
google_iam_workforce_pool.default.0.name, null
|
||||
google_iam_workforce_pool.default[0].name, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
@ -207,7 +207,7 @@ output "workload_identity_pool" {
|
|||
description = "Workload Identity Federation pool and providers."
|
||||
value = {
|
||||
pool = try(
|
||||
google_iam_workload_identity_pool.default.0.name, null
|
||||
google_iam_workload_identity_pool.default[0].name, null
|
||||
)
|
||||
providers = local.cicd_providers
|
||||
}
|
||||
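Review bot: The `try(google_iam_workload_identity_pool.default[0].name, null)` in the `federated_identity_pool` hunk, and the same shape in the `billing_dataset`, `billing-export`, `workforce_identity_pool` and `workload_identity_pool` outputs below it, use `try()` only to absorb the count-0 case, but `try()` also swallows every other evaluation error, so a mistyped attribute or a renamed resource degrades silently to `null` in values that downstream stages consume for identity federation instead of failing at plan time. The splat-plus-`one()` form states the intent without masking errors, e.g. `federated_identity_pool = one(google_iam_workload_identity_pool.default[*].name)` and `value = one(module.billing-export-dataset[*].id)`. The same pattern recurs in the `try(module.<branch>-sa-cicd[0].iam_email, null)` token-creator bindings of the branch-* sections further down and this note applies there as well. It predates the index-syntax change this commit makes, so it can reasonably be a follow-up.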
|
|
|
@ -32,7 +32,7 @@ module "branch-dp-folder" {
|
|||
module "branch-dp-dev-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
parent = module.branch-dp-folder.0.id
|
||||
parent = module.branch-dp-folder[0].id
|
||||
name = "Development"
|
||||
iam_by_principals = {}
|
||||
# owner and viewer roles are broad and might grant unwanted access
|
||||
|
@ -40,15 +40,15 @@ module "branch-dp-dev-folder" {
|
|||
iam = {
|
||||
# read-write (apply) automation service account
|
||||
(local.custom_roles.service_project_network_admin) = [
|
||||
module.branch-dp-dev-sa.0.iam_email
|
||||
module.branch-dp-dev-sa[0].iam_email
|
||||
]
|
||||
"roles/logging.admin" = [module.branch-dp-dev-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-dp-dev-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-dp-dev-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-dp-dev-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-dp-dev-sa[0].iam_email]
|
||||
"roles/owner" = [module.branch-dp-dev-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-dp-dev-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-dp-dev-sa[0].iam_email]
|
||||
# read-only (plan) automation service account
|
||||
"roles/viewer" = [module.branch-dp-dev-r-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-dp-dev-r-sa.0.iam_email]
|
||||
"roles/viewer" = [module.branch-dp-dev-r-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-dp-dev-r-sa[0].iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(
|
||||
|
@ -61,21 +61,21 @@ module "branch-dp-dev-folder" {
|
|||
module "branch-dp-prod-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
parent = module.branch-dp-folder.0.id
|
||||
parent = module.branch-dp-folder[0].id
|
||||
name = "Production"
|
||||
iam_by_principals = {}
|
||||
# owner and viewer roles are broad and might grant unwanted access
|
||||
# replace them with more selective custom roles for production deployments
|
||||
iam = {
|
||||
# read-write (apply) automation service account
|
||||
(local.custom_roles.service_project_network_admin) = [module.branch-dp-prod-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-dp-prod-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-dp-prod-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-dp-prod-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-dp-prod-sa.0.iam_email]
|
||||
(local.custom_roles.service_project_network_admin) = [module.branch-dp-prod-sa[0].iam_email]
|
||||
"roles/owner" = [module.branch-dp-prod-sa[0].iam_email]
|
||||
"roles/logging.admin" = [module.branch-dp-prod-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-dp-prod-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-dp-prod-sa[0].iam_email]
|
||||
# read-only (plan) automation service account
|
||||
"roles/viewer" = [module.branch-dp-prod-r-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-dp-prod-r-sa.0.iam_email]
|
||||
"roles/viewer" = [module.branch-dp-prod-r-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-dp-prod-r-sa[0].iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(
|
||||
|
@ -96,7 +96,7 @@ module "branch-dp-dev-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-dp-dev-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-dp-dev-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -116,7 +116,7 @@ module "branch-dp-prod-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-dp-prod-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-dp-prod-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_storage_roles = {
|
||||
|
@ -135,7 +135,7 @@ module "branch-dp-dev-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-dp-dev-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-dp-dev-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -155,7 +155,7 @@ module "branch-dp-prod-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-dp-prod-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-dp-prod-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -178,8 +178,8 @@ module "branch-dp-dev-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-dp-dev-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-dp-dev-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-dp-dev-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-dp-dev-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -193,7 +193,7 @@ module "branch-dp-prod-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-dp-prod-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-dp-prod-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-dp-prod-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-dp-prod-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,18 +32,18 @@ module "branch-gcve-folder" {
|
|||
module "branch-gcve-dev-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.gcve ? 1 : 0
|
||||
parent = module.branch-gcve-folder.0.id
|
||||
parent = module.branch-gcve-folder[0].id
|
||||
name = "Development"
|
||||
iam = {
|
||||
# read-write (apply) automation service account
|
||||
"roles/owner" = [module.branch-gcve-dev-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-gcve-dev-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gcve-dev-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gcve-dev-sa.0.iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gcve-dev-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-gcve-dev-sa[0].iam_email]
|
||||
"roles/logging.admin" = [module.branch-gcve-dev-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gcve-dev-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gcve-dev-sa[0].iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gcve-dev-sa[0].iam_email]
|
||||
# read-only (plan) automation service account
|
||||
"roles/viewer" = [module.branch-gcve-dev-r-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gcve-dev-r-sa.0.iam_email]
|
||||
"roles/viewer" = [module.branch-gcve-dev-r-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gcve-dev-r-sa[0].iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(
|
||||
|
@ -56,18 +56,18 @@ module "branch-gcve-dev-folder" {
|
|||
module "branch-gcve-prod-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.gcve ? 1 : 0
|
||||
parent = module.branch-gcve-folder.0.id
|
||||
parent = module.branch-gcve-folder[0].id
|
||||
name = "Production"
|
||||
iam = {
|
||||
# read-write (apply) automation service account
|
||||
"roles/owner" = [module.branch-gcve-prod-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-gcve-prod-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gcve-prod-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gcve-prod-sa.0.iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gcve-prod-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-gcve-prod-sa[0].iam_email]
|
||||
"roles/logging.admin" = [module.branch-gcve-prod-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gcve-prod-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gcve-prod-sa[0].iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gcve-prod-sa[0].iam_email]
|
||||
# read-only (plan) automation service account
|
||||
"roles/viewer" = [module.branch-gcve-prod-r-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gcve-prod-r-sa.0.iam_email]
|
||||
"roles/viewer" = [module.branch-gcve-prod-r-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gcve-prod-r-sa[0].iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(
|
||||
|
@ -90,7 +90,7 @@ module "branch-gcve-dev-sa" {
|
|||
"roles/iam.serviceAccountTokenCreator" = concat(
|
||||
[local.principals.gcp-devops],
|
||||
compact([
|
||||
try(module.branch-gcve-dev-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gcve-dev-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
)
|
||||
}
|
||||
|
@ -113,7 +113,7 @@ module "branch-gcve-prod-sa" {
|
|||
"roles/iam.serviceAccountTokenCreator" = concat(
|
||||
[local.principals.gcp-devops],
|
||||
compact([
|
||||
try(module.branch-gcve-prod-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gcve-prod-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
)
|
||||
}
|
||||
|
@ -136,7 +136,7 @@ module "branch-gcve-dev-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-gcve-dev-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gcve-dev-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -156,7 +156,7 @@ module "branch-gcve-prod-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-gcve-prod-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gcve-prod-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -179,8 +179,8 @@ module "branch-gcve-dev-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-gcve-dev-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gcve-dev-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-gcve-dev-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gcve-dev-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -194,7 +194,7 @@ module "branch-gcve-prod-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-gcve-prod-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gcve-prod-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-gcve-prod-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gcve-prod-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,18 +32,18 @@ module "branch-gke-folder" {
|
|||
module "branch-gke-dev-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.gke ? 1 : 0
|
||||
parent = module.branch-gke-folder.0.id
|
||||
parent = module.branch-gke-folder[0].id
|
||||
name = "Development"
|
||||
iam = {
|
||||
# read-write (apply) automation service account
|
||||
"roles/owner" = [module.branch-gke-dev-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-gke-dev-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gke-dev-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gke-dev-sa.0.iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gke-dev-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-gke-dev-sa[0].iam_email]
|
||||
"roles/logging.admin" = [module.branch-gke-dev-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gke-dev-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gke-dev-sa[0].iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gke-dev-sa[0].iam_email]
|
||||
# read-only (plan) automation service account
|
||||
"roles/viewer" = [module.branch-gke-dev-r-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gke-dev-r-sa.0.iam_email]
|
||||
"roles/viewer" = [module.branch-gke-dev-r-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gke-dev-r-sa[0].iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(
|
||||
|
@ -56,18 +56,18 @@ module "branch-gke-dev-folder" {
|
|||
module "branch-gke-prod-folder" {
|
||||
source = "../../../modules/folder"
|
||||
count = var.fast_features.gke ? 1 : 0
|
||||
parent = module.branch-gke-folder.0.id
|
||||
parent = module.branch-gke-folder[0].id
|
||||
name = "Production"
|
||||
iam = {
|
||||
# read-write (apply) automation service account
|
||||
"roles/owner" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
"roles/logging.admin" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
# read-only (plan) automation service account
|
||||
"roles/viewer" = [module.branch-gke-prod-r-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gke-prod-r-sa.0.iam_email]
|
||||
"roles/viewer" = [module.branch-gke-prod-r-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderViewer" = [module.branch-gke-prod-r-sa[0].iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(
|
||||
|
@ -90,7 +90,7 @@ module "branch-gke-dev-sa" {
|
|||
"roles/iam.serviceAccountTokenCreator" = concat(
|
||||
[local.principals.gcp-devops],
|
||||
compact([
|
||||
try(module.branch-gke-dev-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gke-dev-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
)
|
||||
}
|
||||
|
@ -113,7 +113,7 @@ module "branch-gke-prod-sa" {
|
|||
"roles/iam.serviceAccountTokenCreator" = concat(
|
||||
[local.principals.gcp-devops],
|
||||
compact([
|
||||
try(module.branch-gke-prod-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gke-prod-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
)
|
||||
}
|
||||
|
@ -136,7 +136,7 @@ module "branch-gke-dev-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-gke-dev-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gke-dev-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -156,7 +156,7 @@ module "branch-gke-prod-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-gke-prod-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-gke-prod-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -179,8 +179,8 @@ module "branch-gke-dev-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-dev-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gke-dev-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-dev-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gke-dev-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -194,7 +194,7 @@ module "branch-gke-prod-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gke-prod-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-gke-prod-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -126,7 +126,7 @@ module "branch-network-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-network-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-network-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -147,7 +147,7 @@ module "branch-network-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-network-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-network-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -27,7 +27,7 @@ module "branch-pf-dev-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-pf-dev-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-pf-dev-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -47,7 +47,7 @@ module "branch-pf-prod-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-pf-prod-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-pf-prod-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -69,7 +69,7 @@ module "branch-pf-dev-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-pf-dev-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-pf-dev-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -89,7 +89,7 @@ module "branch-pf-prod-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-pf-prod-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-pf-prod-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -112,8 +112,8 @@ module "branch-pf-dev-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-pf-dev-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-pf-dev-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-pf-dev-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-pf-dev-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -127,7 +127,7 @@ module "branch-pf-prod-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-pf-prod-sa.0.iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-pf-prod-r-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-pf-prod-sa[0].iam_email]
|
||||
"roles/storage.objectViewer" = [module.branch-pf-prod-r-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,10 +19,10 @@
|
|||
locals {
|
||||
# FAST-specific IAM
|
||||
_sandbox_folder_fast_iam = !var.fast_features.sandbox ? {} : {
|
||||
"roles/logging.admin" = [module.branch-sandbox-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-sandbox-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-sandbox-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-sandbox-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-sandbox-sa[0].iam_email]
|
||||
"roles/owner" = [module.branch-sandbox-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-sandbox-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-sandbox-sa[0].iam_email]
|
||||
}
|
||||
# deep-merge FAST-specific IAM with user-provided bindings in var.folder_iam
|
||||
_sandbox_folder_iam = merge(
|
||||
|
@ -62,7 +62,7 @@ module "branch-sandbox-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-sandbox-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-sandbox-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ module "branch-security-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-security-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-security-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
@ -88,7 +88,7 @@ module "branch-security-r-sa" {
|
|||
prefix = var.prefix
|
||||
iam = {
|
||||
"roles/iam.serviceAccountTokenCreator" = compact([
|
||||
try(module.branch-security-r-sa-cicd.0.iam_email, null)
|
||||
try(module.branch-security-r-sa-cicd[0].iam_email, null)
|
||||
])
|
||||
}
|
||||
iam_project_roles = {
|
||||
|
|
|
@ -20,11 +20,11 @@
|
|||
locals {
|
||||
# FAST-specific IAM
|
||||
_teams_folder_fast_iam = !var.fast_features.teams ? {} : {
|
||||
"roles/logging.admin" = [module.branch-teams-sa.0.iam_email]
|
||||
"roles/owner" = [module.branch-teams-sa.0.iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-teams-sa.0.iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-teams-sa.0.iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-teams-sa.0.iam_email]
|
||||
"roles/logging.admin" = [module.branch-teams-sa[0].iam_email]
|
||||
"roles/owner" = [module.branch-teams-sa[0].iam_email]
|
||||
"roles/resourcemanager.folderAdmin" = [module.branch-teams-sa[0].iam_email]
|
||||
"roles/resourcemanager.projectCreator" = [module.branch-teams-sa[0].iam_email]
|
||||
"roles/compute.xpnAdmin" = [module.branch-teams-sa[0].iam_email]
|
||||
}
|
||||
# deep-merge FAST-specific IAM with user-provided bindings in var.folder_iam
|
||||
_teams_folder_iam = merge(
|
||||
|
@ -74,7 +74,7 @@ module "branch-teams-gcs" {
|
|||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-teams-sa.0.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-teams-sa[0].iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -82,7 +82,7 @@ module "branch-teams-gcs" {
|
|||
module "branch-teams-team-folder" {
|
||||
source = "../../../modules/folder"
|
||||
for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {}
|
||||
parent = module.branch-teams-folder.0.id
|
||||
parent = module.branch-teams-folder[0].id
|
||||
name = each.value.descriptive_name
|
||||
iam = {
|
||||
"roles/logging.admin" = [module.branch-teams-team-sa[each.key].iam_email]
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -29,10 +29,10 @@ module "branch-dp-dev-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = compact([
|
||||
try(module.branch-dp-dev-sa.0.iam_email, "")
|
||||
try(module.branch-dp-dev-sa[0].iam_email, "")
|
||||
])
|
||||
"roles/source.reader" = compact([
|
||||
try(module.branch-dp-dev-sa-cicd.0.iam_email, "")
|
||||
try(module.branch-dp-dev-sa-cicd[0].iam_email, "")
|
||||
])
|
||||
}
|
||||
triggers = {
|
||||
|
@ -41,7 +41,7 @@ module "branch-dp-dev-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-dp-dev-sa-cicd.0.id
|
||||
service_account = module.branch-dp-dev-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
@ -64,8 +64,8 @@ module "branch-dp-prod-cicd-repo" {
|
|||
project_id = var.automation.project_id
|
||||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-dp-prod-sa.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-dp-prod-sa-cicd.0.iam_email]
|
||||
"roles/source.admin" = [module.branch-dp-prod-sa[0].iam_email]
|
||||
"roles/source.reader" = [module.branch-dp-prod-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-dp-prod = {
|
||||
|
@ -73,7 +73,7 @@ module "branch-dp-prod-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-dp-prod-sa-cicd.0.id
|
||||
service_account = module.branch-dp-prod-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
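Review bot: The dev repo block guards the service-account reference with `compact([try(module.branch-dp-dev-sa[0].iam_email, "")])` for both `roles/source.admin` and `roles/source.reader`, yet the same block sets `service_account = module.branch-dp-dev-sa-cicd[0].id` unguarded in its trigger, so the guard cannot make the block tolerate a missing SA; it only turns an evaluation failure in the IAM binding into a silently empty principal list. Since `try()` catches any error, not just an absent index, a renamed output or a typo here would drop the admin grant on the CI/CD repository without failing the plan, while the prod block right below uses the direct form `"roles/source.admin" = [module.branch-dp-prod-sa[0].iam_email]` and would fail loudly. I would align the dev block with prod, `"roles/source.admin" = [module.branch-dp-dev-sa[0].iam_email]`, or, if the SA is genuinely optional here, express that with an explicit conditional on the feature flag (presumably `var.fast_features.data_platform`, which the outputs file keys on) rather than `try()`. The gcve and gke dev repo blocks touched by this commit follow the same pattern and deserve the same treatment.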
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -29,10 +29,10 @@ module "branch-gcve-dev-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = compact([
|
||||
try(module.branch-gcve-dev-sa.0.iam_email, "")
|
||||
try(module.branch-gcve-dev-sa[0].iam_email, "")
|
||||
])
|
||||
"roles/source.reader" = compact([
|
||||
try(module.branch-gcve-dev-sa-cicd.0.iam_email, "")
|
||||
try(module.branch-gcve-dev-sa-cicd[0].iam_email, "")
|
||||
])
|
||||
}
|
||||
triggers = {
|
||||
|
@ -41,7 +41,7 @@ module "branch-gcve-dev-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-gcve-dev-sa-cicd.0.id
|
||||
service_account = module.branch-gcve-dev-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
@ -64,8 +64,8 @@ module "branch-gcve-prod-cicd-repo" {
|
|||
project_id = var.automation.project_id
|
||||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-gcve-prod-sa.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-gcve-prod-sa-cicd.0.iam_email]
|
||||
"roles/source.admin" = [module.branch-gcve-prod-sa[0].iam_email]
|
||||
"roles/source.reader" = [module.branch-gcve-prod-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-gcve-prod = {
|
||||
|
@ -73,7 +73,7 @@ module "branch-gcve-prod-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-gcve-prod-sa-cicd.0.id
|
||||
service_account = module.branch-gcve-prod-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -29,10 +29,10 @@ module "branch-gke-dev-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = compact([
|
||||
try(module.branch-gke-dev-sa.0.iam_email, "")
|
||||
try(module.branch-gke-dev-sa[0].iam_email, "")
|
||||
])
|
||||
"roles/source.reader" = compact([
|
||||
try(module.branch-gke-dev-sa-cicd.0.iam_email, "")
|
||||
try(module.branch-gke-dev-sa-cicd[0].iam_email, "")
|
||||
])
|
||||
}
|
||||
triggers = {
|
||||
|
@ -41,7 +41,7 @@ module "branch-gke-dev-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-gke-dev-sa-cicd.0.id
|
||||
service_account = module.branch-gke-dev-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
@ -64,8 +64,8 @@ module "branch-gke-prod-cicd-repo" {
|
|||
project_id = var.automation.project_id
|
||||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-gke-prod-sa.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-gke-prod-sa-cicd.0.iam_email]
|
||||
"roles/source.admin" = [module.branch-gke-prod-sa[0].iam_email]
|
||||
"roles/source.reader" = [module.branch-gke-prod-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-gke-prod = {
|
||||
|
@ -73,7 +73,7 @@ module "branch-gke-prod-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-gke-prod-sa-cicd.0.id
|
||||
service_account = module.branch-gke-prod-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -29,13 +29,13 @@ module "branch-network-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-network-sa.iam_email]
|
||||
"roles/source.reader" = [module.branch-network-sa-cicd.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-network-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-02-networking = {
|
||||
filename = ".cloudbuild/workflow.yaml"
|
||||
included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
|
||||
service_account = module.branch-network-sa-cicd.0.id
|
||||
service_account = module.branch-network-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -28,8 +28,8 @@ module "branch-pf-dev-cicd-repo" {
|
|||
project_id = var.automation.project_id
|
||||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-pf-dev-sa.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-pf-dev-sa-cicd.0.iam_email]
|
||||
"roles/source.admin" = [module.branch-pf-dev-sa[0].iam_email]
|
||||
"roles/source.reader" = [module.branch-pf-dev-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-pf-dev = {
|
||||
|
@ -37,7 +37,7 @@ module "branch-pf-dev-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-pf-dev-sa-cicd.0.id
|
||||
service_account = module.branch-pf-dev-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
@ -60,8 +60,8 @@ module "branch-pf-prod-cicd-repo" {
|
|||
project_id = var.automation.project_id
|
||||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-pf-prod-sa.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-pf-prod-sa-cicd.0.iam_email]
|
||||
"roles/source.admin" = [module.branch-pf-prod-sa[0].iam_email]
|
||||
"roles/source.reader" = [module.branch-pf-prod-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-03-pf-prod = {
|
||||
|
@ -69,7 +69,7 @@ module "branch-pf-prod-cicd-repo" {
|
|||
included_files = [
|
||||
"**/*json", "**/*tf", "**/*yaml", ".cloudbuild/workflow.yaml"
|
||||
]
|
||||
service_account = module.branch-pf-prod-sa-cicd.0.id
|
||||
service_account = module.branch-pf-prod-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -29,13 +29,13 @@ module "branch-security-cicd-repo" {
|
|||
name = each.value.name
|
||||
iam = {
|
||||
"roles/source.admin" = [module.branch-security-sa.iam_email]
|
||||
"roles/source.reader" = [module.branch-security-sa-cicd.0.iam_email]
|
||||
"roles/source.reader" = [module.branch-security-sa-cicd[0].iam_email]
|
||||
}
|
||||
triggers = {
|
||||
fast-02-security = {
|
||||
filename = ".cloudbuild/workflow.yaml"
|
||||
included_files = ["**/*tf", ".cloudbuild/workflow.yaml"]
|
||||
service_account = module.branch-security-sa-cicd.0.id
|
||||
service_account = module.branch-security-sa-cicd[0].id
|
||||
substitutions = {}
|
||||
template = {
|
||||
project_id = null
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -17,7 +17,7 @@
|
|||
locals {
|
||||
# convenience flags that express where billing account resides
|
||||
automation_resman_sa = try(
|
||||
data.google_client_openid_userinfo.provider_identity.0.email, null
|
||||
data.google_client_openid_userinfo.provider_identity[0].email, null
|
||||
)
|
||||
automation_resman_sa_iam = (
|
||||
local.automation_resman_sa == null
|
||||
|
@ -26,24 +26,24 @@ locals {
|
|||
)
|
||||
# service accounts that receive additional grants on networking/security
|
||||
branch_optional_sa_lists = {
|
||||
dp-dev = compact([try(module.branch-dp-dev-sa.0.iam_email, "")])
|
||||
dp-prod = compact([try(module.branch-dp-prod-sa.0.iam_email, "")])
|
||||
gcve-dev = compact([try(module.branch-gcve-dev-sa.0.iam_email, "")])
|
||||
gcve-prod = compact([try(module.branch-gcve-prod-sa.0.iam_email, "")])
|
||||
gke-dev = compact([try(module.branch-gke-dev-sa.0.iam_email, "")])
|
||||
gke-prod = compact([try(module.branch-gke-prod-sa.0.iam_email, "")])
|
||||
pf-dev = compact([try(module.branch-pf-dev-sa.0.iam_email, "")])
|
||||
pf-prod = compact([try(module.branch-pf-prod-sa.0.iam_email, "")])
|
||||
dp-dev = compact([try(module.branch-dp-dev-sa[0].iam_email, "")])
|
||||
dp-prod = compact([try(module.branch-dp-prod-sa[0].iam_email, "")])
|
||||
gcve-dev = compact([try(module.branch-gcve-dev-sa[0].iam_email, "")])
|
||||
gcve-prod = compact([try(module.branch-gcve-prod-sa[0].iam_email, "")])
|
||||
gke-dev = compact([try(module.branch-gke-dev-sa[0].iam_email, "")])
|
||||
gke-prod = compact([try(module.branch-gke-prod-sa[0].iam_email, "")])
|
||||
pf-dev = compact([try(module.branch-pf-dev-sa[0].iam_email, "")])
|
||||
pf-prod = compact([try(module.branch-pf-prod-sa[0].iam_email, "")])
|
||||
}
|
||||
branch_optional_r_sa_lists = {
|
||||
dp-dev = compact([try(module.branch-dp-dev-r-sa.0.iam_email, "")])
|
||||
dp-prod = compact([try(module.branch-dp-prod-r-sa.0.iam_email, "")])
|
||||
gcve-dev = compact([try(module.branch-gcve-dev-r-sa.0.iam_email, "")])
|
||||
gcve-prod = compact([try(module.branch-gcve-prod-r-sa.0.iam_email, "")])
|
||||
gke-dev = compact([try(module.branch-gke-dev-r-sa.0.iam_email, "")])
|
||||
gke-prod = compact([try(module.branch-gke-prod-r-sa.0.iam_email, "")])
|
||||
pf-dev = compact([try(module.branch-pf-dev-r-sa.0.iam_email, "")])
|
||||
pf-prod = compact([try(module.branch-pf-prod-r-sa.0.iam_email, "")])
|
||||
dp-dev = compact([try(module.branch-dp-dev-r-sa[0].iam_email, "")])
|
||||
dp-prod = compact([try(module.branch-dp-prod-r-sa[0].iam_email, "")])
|
||||
gcve-dev = compact([try(module.branch-gcve-dev-r-sa[0].iam_email, "")])
|
||||
gcve-prod = compact([try(module.branch-gcve-prod-r-sa[0].iam_email, "")])
|
||||
gke-dev = compact([try(module.branch-gke-dev-r-sa[0].iam_email, "")])
|
||||
gke-prod = compact([try(module.branch-gke-prod-r-sa[0].iam_email, "")])
|
||||
pf-dev = compact([try(module.branch-pf-dev-r-sa[0].iam_email, "")])
|
||||
pf-prod = compact([try(module.branch-pf-prod-r-sa[0].iam_email, "")])
|
||||
}
|
||||
# normalize CI/CD repositories
|
||||
cicd_repositories = {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -51,48 +51,48 @@ locals {
|
|||
# optional billing roles for data platform
|
||||
local.billing_mode != "org" || !var.fast_features.data_platform ? {} : {
|
||||
sa_dp_dev_billing = {
|
||||
member = module.branch-dp-dev-sa.0.iam_email
|
||||
member = module.branch-dp-dev-sa[0].iam_email
|
||||
role = "roles/billing.user"
|
||||
}
|
||||
sa_dp_prod_billing = {
|
||||
member = module.branch-dp-prod-sa.0.iam_email
|
||||
member = module.branch-dp-prod-sa[0].iam_email
|
||||
role = "roles/billing.user"
|
||||
}
|
||||
},
|
||||
# optional billing roles for GKE
|
||||
local.billing_mode != "org" || !var.fast_features.gke ? {} : {
|
||||
sa_gke_dev_billing = {
|
||||
member = module.branch-gke-dev-sa.0.iam_email
|
||||
member = module.branch-gke-dev-sa[0].iam_email
|
||||
role = "roles/billing.user"
|
||||
}
|
||||
sa_gke_prod_billing = {
|
||||
member = module.branch-gke-prod-sa.0.iam_email
|
||||
member = module.branch-gke-prod-sa[0].iam_email
|
||||
role = "roles/billing.user"
|
||||
}
|
||||
},
|
||||
# optional billing roles for project factory
|
||||
local.billing_mode != "org" || !var.fast_features.project_factory ? {} : {
|
||||
sa_pf_dev_billing = {
|
||||
member = module.branch-pf-dev-sa.0.iam_email
|
||||
member = module.branch-pf-dev-sa[0].iam_email
|
||||
role = "roles/billing.user"
|
||||
}
|
||||
sa_pf_dev_costs_manager = {
|
||||
member = module.branch-pf-dev-sa.0.iam_email
|
||||
member = module.branch-pf-dev-sa[0].iam_email
|
||||
role = "roles/billing.costsManager"
|
||||
}
|
||||
sa_pf_prod_billing = {
|
||||
member = module.branch-pf-prod-sa.0.iam_email
|
||||
member = module.branch-pf-prod-sa[0].iam_email
|
||||
role = "roles/billing.user"
|
||||
}
|
||||
sa_pf_prod_costs_manager = {
|
||||
member = module.branch-pf-prod-sa.0.iam_email
|
||||
member = module.branch-pf-prod-sa[0].iam_email
|
||||
role = "roles/billing.costsManager"
|
||||
}
|
||||
},
|
||||
# scoped org policy admin grants for project factory
|
||||
!var.fast_features.project_factory ? {} : {
|
||||
sa_pf_dev_conditional_org_policy = {
|
||||
member = module.branch-pf-dev-sa.0.iam_email
|
||||
member = module.branch-pf-dev-sa[0].iam_email
|
||||
role = "roles/orgpolicy.policyAdmin"
|
||||
condition = {
|
||||
title = "org_policy_tag_pf_scoped_dev"
|
||||
|
@ -105,7 +105,7 @@ locals {
|
|||
}
|
||||
}
|
||||
sa_pf_prod_conditional_org_policy = {
|
||||
member = module.branch-pf-prod-sa.0.iam_email
|
||||
member = module.branch-pf-prod-sa[0].iam_email
|
||||
role = "roles/orgpolicy.policyAdmin"
|
||||
condition = {
|
||||
title = "org_policy_tag_pf_scoped_prod"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2023 Google LLC
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -19,8 +19,8 @@ locals {
|
|||
cicd_workflow_attrs = {
|
||||
data_platform_dev = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-dp-dev-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-dp-dev-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-dp-dev-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-dp-dev-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-data-platform-dev-providers.tf"
|
||||
|
@ -30,8 +30,8 @@ locals {
|
|||
}
|
||||
data_platform_prod = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-dp-prod-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-dp-prod-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-dp-prod-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-dp-prod-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-data-platform-prod-providers.tf"
|
||||
|
@ -41,8 +41,8 @@ locals {
|
|||
}
|
||||
gcve_dev = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-gcve-dev-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-gcve-dev-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-gcve-dev-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-gcve-dev-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-gcve-dev-providers.tf"
|
||||
|
@ -52,8 +52,8 @@ locals {
|
|||
}
|
||||
gcve_prod = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-gcve-prod-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-gcve-prod-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-gcve-prod-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-gcve-prod-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-gcve-prod-providers.tf"
|
||||
|
@ -63,8 +63,8 @@ locals {
|
|||
}
|
||||
gke_dev = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-gke-dev-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-gke-dev-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-gke-dev-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-gke-dev-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-gke-dev-providers.tf"
|
||||
|
@ -74,8 +74,8 @@ locals {
|
|||
}
|
||||
gke_prod = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-gke-prod-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-gke-prod-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-gke-prod-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-gke-prod-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-gke-prod-providers.tf"
|
||||
|
@ -85,8 +85,8 @@ locals {
|
|||
}
|
||||
networking = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-network-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-network-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-network-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-network-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "2-networking-providers.tf"
|
||||
|
@ -96,8 +96,8 @@ locals {
|
|||
}
|
||||
project_factory_dev = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-pf-dev-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-pf-dev-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-pf-dev-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-pf-dev-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-project-factory-dev-providers.tf"
|
||||
|
@ -107,8 +107,8 @@ locals {
|
|||
}
|
||||
project_factory_prod = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-pf-prod-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-pf-prod-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-pf-prod-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-pf-prod-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "3-project-factory-prod-providers.tf"
|
||||
|
@ -118,8 +118,8 @@ locals {
|
|||
}
|
||||
security = {
|
||||
service_accounts = {
|
||||
apply = try(module.branch-security-sa-cicd.0.email, null)
|
||||
plan = try(module.branch-security-r-sa-cicd.0.email, null)
|
||||
apply = try(module.branch-security-sa-cicd[0].email, null)
|
||||
plan = try(module.branch-security-r-sa-cicd[0].email, null)
|
||||
}
|
||||
tf_providers_files = {
|
||||
apply = "2-security-providers.tf"
|
||||
|
@ -145,18 +145,18 @@ locals {
|
|||
}
|
||||
folder_ids = merge(
|
||||
{
|
||||
data-platform-dev = try(module.branch-dp-dev-folder.0.id, null)
|
||||
data-platform-prod = try(module.branch-dp-prod-folder.0.id, null)
|
||||
gcve-dev = try(module.branch-gcve-dev-folder.0.id, null)
|
||||
gcve-prod = try(module.branch-gcve-prod-folder.0.id, null)
|
||||
gke-dev = try(module.branch-gke-dev-folder.0.id, null)
|
||||
gke-prod = try(module.branch-gke-prod-folder.0.id, null)
|
||||
data-platform-dev = try(module.branch-dp-dev-folder[0].id, null)
|
||||
data-platform-prod = try(module.branch-dp-prod-folder[0].id, null)
|
||||
gcve-dev = try(module.branch-gcve-dev-folder[0].id, null)
|
||||
gcve-prod = try(module.branch-gcve-prod-folder[0].id, null)
|
||||
gke-dev = try(module.branch-gke-dev-folder[0].id, null)
|
||||
gke-prod = try(module.branch-gke-prod-folder[0].id, null)
|
||||
networking = try(module.branch-network-folder.id, null)
|
||||
networking-dev = try(module.branch-network-dev-folder.id, null)
|
||||
networking-prod = try(module.branch-network-prod-folder.id, null)
|
||||
sandbox = try(module.branch-sandbox-folder.0.id, null)
|
||||
sandbox = try(module.branch-sandbox-folder[0].id, null)
|
||||
security = try(module.branch-security-folder.id, null)
|
||||
teams = try(module.branch-teams-folder.0.id, null)
|
||||
teams = try(module.branch-teams-folder[0].id, null)
|
||||
},
|
||||
{
|
||||
for k, v in module.branch-teams-team-folder :
|
||||
|
@ -201,122 +201,122 @@ locals {
|
|||
!var.fast_features.data_platform ? {} : {
|
||||
"3-data-platform-dev" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-dp-dev-gcs.0.name
|
||||
bucket = module.branch-dp-dev-gcs[0].name
|
||||
name = "dp-dev"
|
||||
sa = module.branch-dp-dev-sa.0.email
|
||||
sa = module.branch-dp-dev-sa[0].email
|
||||
})
|
||||
"3-data-platform-dev-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-dp-dev-gcs.0.name
|
||||
bucket = module.branch-dp-dev-gcs[0].name
|
||||
name = "dp-dev"
|
||||
sa = module.branch-dp-dev-r-sa.0.email
|
||||
sa = module.branch-dp-dev-r-sa[0].email
|
||||
})
|
||||
"3-data-platform-prod" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-dp-prod-gcs.0.name
|
||||
bucket = module.branch-dp-prod-gcs[0].name
|
||||
name = "dp-prod"
|
||||
sa = module.branch-dp-prod-sa.0.email
|
||||
sa = module.branch-dp-prod-sa[0].email
|
||||
})
|
||||
"3-data-platform-prod-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-dp-prod-gcs.0.name
|
||||
bucket = module.branch-dp-prod-gcs[0].name
|
||||
name = "dp-prod"
|
||||
sa = module.branch-dp-prod-r-sa.0.email
|
||||
sa = module.branch-dp-prod-r-sa[0].email
|
||||
})
|
||||
},
|
||||
!var.fast_features.gke ? {} : {
|
||||
"3-gke-dev" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gke-dev-gcs.0.name
|
||||
bucket = module.branch-gke-dev-gcs[0].name
|
||||
name = "gke-dev"
|
||||
sa = module.branch-gke-dev-sa.0.email
|
||||
sa = module.branch-gke-dev-sa[0].email
|
||||
})
|
||||
"3-gke-dev-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gke-dev-gcs.0.name
|
||||
bucket = module.branch-gke-dev-gcs[0].name
|
||||
name = "gke-dev"
|
||||
sa = module.branch-gke-dev-r-sa.0.email
|
||||
sa = module.branch-gke-dev-r-sa[0].email
|
||||
})
|
||||
"3-gke-prod" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gke-prod-gcs.0.name
|
||||
bucket = module.branch-gke-prod-gcs[0].name
|
||||
name = "gke-prod"
|
||||
sa = module.branch-gke-prod-sa.0.email
|
||||
sa = module.branch-gke-prod-sa[0].email
|
||||
})
|
||||
"3-gke-prod-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gke-prod-gcs.0.name
|
||||
bucket = module.branch-gke-prod-gcs[0].name
|
||||
name = "gke-prod"
|
||||
sa = module.branch-gke-prod-r-sa.0.email
|
||||
sa = module.branch-gke-prod-r-sa[0].email
|
||||
})
|
||||
},
|
||||
!var.fast_features.gcve ? {} : {
|
||||
"3-gcve-dev" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gcve-dev-gcs.0.name
|
||||
bucket = module.branch-gcve-dev-gcs[0].name
|
||||
name = "gcve-dev"
|
||||
sa = module.branch-gcve-dev-sa.0.email
|
||||
sa = module.branch-gcve-dev-sa[0].email
|
||||
})
|
||||
"3-gcve-dev-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gcve-dev-gcs.0.name
|
||||
bucket = module.branch-gcve-dev-gcs[0].name
|
||||
name = "gcve-dev"
|
||||
sa = module.branch-gcve-dev-r-sa.0.email
|
||||
sa = module.branch-gcve-dev-r-sa[0].email
|
||||
})
|
||||
"3-gcve-prod" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gcve-prod-gcs.0.name
|
||||
bucket = module.branch-gcve-prod-gcs[0].name
|
||||
name = "gcve-prod"
|
||||
sa = module.branch-gcve-prod-sa.0.email
|
||||
sa = module.branch-gcve-prod-sa[0].email
|
||||
})
|
||||
"3-gcve-prod-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-gcve-prod-gcs.0.name
|
||||
bucket = module.branch-gcve-prod-gcs[0].name
|
||||
name = "gcve-prod"
|
||||
sa = module.branch-gcve-prod-r-sa.0.email
|
||||
sa = module.branch-gcve-prod-r-sa[0].email
|
||||
})
|
||||
},
|
||||
!var.fast_features.project_factory ? {} : {
|
||||
"3-project-factory-dev" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-pf-dev-gcs.0.name
|
||||
bucket = module.branch-pf-dev-gcs[0].name
|
||||
name = "team-dev"
|
||||
sa = module.branch-pf-dev-sa.0.email
|
||||
sa = module.branch-pf-dev-sa[0].email
|
||||
})
|
||||
"3-project-factory-dev-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-pf-dev-gcs.0.name
|
||||
bucket = module.branch-pf-dev-gcs[0].name
|
||||
name = "team-dev"
|
||||
sa = module.branch-pf-dev-r-sa.0.email
|
||||
sa = module.branch-pf-dev-r-sa[0].email
|
||||
})
|
||||
"3-project-factory-prod" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-pf-prod-gcs.0.name
|
||||
bucket = module.branch-pf-prod-gcs[0].name
|
||||
name = "team-prod"
|
||||
sa = module.branch-pf-prod-sa.0.email
|
||||
sa = module.branch-pf-prod-sa[0].email
|
||||
})
|
||||
"3-project-factory-prod-r" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-pf-prod-gcs.0.name
|
||||
bucket = module.branch-pf-prod-gcs[0].name
|
||||
name = "team-prod"
|
||||
sa = module.branch-pf-prod-r-sa.0.email
|
||||
sa = module.branch-pf-prod-r-sa[0].email
|
||||
})
|
||||
},
|
||||
!var.fast_features.sandbox ? {} : {
|
||||
"9-sandbox" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-sandbox-gcs.0.name
|
||||
bucket = module.branch-sandbox-gcs[0].name
|
||||
name = "sandbox"
|
||||
sa = module.branch-sandbox-sa.0.email
|
||||
sa = module.branch-sandbox-sa[0].email
|
||||
})
|
||||
},
|
||||
!var.fast_features.teams ? {} : merge(
|
||||
{
|
||||
"3-teams" = templatefile(local._tpl_providers, {
|
||||
backend_extra = null
|
||||
bucket = module.branch-teams-gcs.0.name
|
||||
bucket = module.branch-teams-gcs[0].name
|
||||
name = "teams"
|
||||
sa = module.branch-teams-sa.0.email
|
||||
sa = module.branch-teams-sa[0].email
|
||||
})
|
||||
},
|
||||
{
|
||||
|
@ -332,28 +332,28 @@ locals {
|
|||
)
|
||||
service_accounts = merge(
|
||||
{
|
||||
data-platform-dev = try(module.branch-dp-dev-sa.0.email, null)
|
||||
data-platform-dev-r = try(module.branch-dp-dev-r-sa.0.email, null)
|
||||
data-platform-prod = try(module.branch-dp-prod-sa.0.email, null)
|
||||
data-platform-prod-r = try(module.branch-dp-prod-r-sa.0.email, null)
|
||||
gcve-dev = try(module.branch-gcve-dev-sa.0.email, null)
|
||||
gcve-dev-r = try(module.branch-gcve-dev-r-sa.0.email, null)
|
||||
gcve-prod = try(module.branch-gcve-prod-sa.0.email, null)
|
||||
gcve-prod-r = try(module.branch-gcve-prod-r-sa.0.email, null)
|
||||
gke-dev = try(module.branch-gke-dev-sa.0.email, null)
|
||||
gke-dev-r = try(module.branch-gke-dev-r-sa.0.email, null)
|
||||
gke-prod = try(module.branch-gke-prod-sa.0.email, null)
|
||||
gke-prod-r = try(module.branch-gke-prod-r-sa.0.email, null)
|
||||
data-platform-dev = try(module.branch-dp-dev-sa[0].email, null)
|
||||
data-platform-dev-r = try(module.branch-dp-dev-r-sa[0].email, null)
|
||||
data-platform-prod = try(module.branch-dp-prod-sa[0].email, null)
|
||||
data-platform-prod-r = try(module.branch-dp-prod-r-sa[0].email, null)
|
||||
gcve-dev = try(module.branch-gcve-dev-sa[0].email, null)
|
||||
gcve-dev-r = try(module.branch-gcve-dev-r-sa[0].email, null)
|
||||
gcve-prod = try(module.branch-gcve-prod-sa[0].email, null)
|
||||
gcve-prod-r = try(module.branch-gcve-prod-r-sa[0].email, null)
|
||||
gke-dev = try(module.branch-gke-dev-sa[0].email, null)
|
||||
gke-dev-r = try(module.branch-gke-dev-r-sa[0].email, null)
|
||||
gke-prod = try(module.branch-gke-prod-sa[0].email, null)
|
||||
gke-prod-r = try(module.branch-gke-prod-r-sa[0].email, null)
|
||||
networking = module.branch-network-sa.email
|
||||
networking-r = module.branch-network-r-sa.email
|
||||
project-factory-dev = try(module.branch-pf-dev-sa.0.email, null)
|
||||
project-factory-dev-r = try(module.branch-pf-dev-r-sa.0.email, null)
|
||||
project-factory-prod = try(module.branch-pf-prod-sa.0.email, null)
|
||||
project-factory-prod-r = try(module.branch-pf-prod-r-sa.0.email, null)
|
||||
sandbox = try(module.branch-sandbox-sa.0.email, null)
|
||||
project-factory-dev = try(module.branch-pf-dev-sa[0].email, null)
|
||||
project-factory-dev-r = try(module.branch-pf-dev-r-sa[0].email, null)
|
||||
project-factory-prod = try(module.branch-pf-prod-sa[0].email, null)
|
||||
project-factory-prod-r = try(module.branch-pf-prod-r-sa[0].email, null)
|
||||
sandbox = try(module.branch-sandbox-sa[0].email, null)
|
||||
security = module.branch-security-sa.email
|
||||
security-r = module.branch-security-r-sa.email
|
||||
teams = try(module.branch-teams-sa.0.email, null)
|
||||
teams = try(module.branch-teams-sa[0].email, null)
|
||||
},
|
||||
{
|
||||
for k, v in module.branch-teams-team-sa : "team-${k}" => v.email
|
||||
|
@ -406,14 +406,14 @@ output "dataplatform" {
|
|||
description = "Data for the Data Platform stage."
|
||||
value = !var.fast_features.data_platform ? {} : {
|
||||
dev = {
|
||||
folder = module.branch-dp-dev-folder.0.id
|
||||
gcs_bucket = module.branch-dp-dev-gcs.0.name
|
||||
service_account = module.branch-dp-dev-sa.0.email
|
||||
folder = module.branch-dp-dev-folder[0].id
|
||||
gcs_bucket = module.branch-dp-dev-gcs[0].name
|
||||
service_account = module.branch-dp-dev-sa[0].email
|
||||
}
|
||||
prod = {
|
||||
folder = module.branch-dp-prod-folder.0.id
|
||||
gcs_bucket = module.branch-dp-prod-gcs.0.name
|
||||
service_account = module.branch-dp-prod-sa.0.email
|
||||
folder = module.branch-dp-prod-folder[0].id
|
||||
gcs_bucket = module.branch-dp-prod-gcs[0].name
|
||||
service_account = module.branch-dp-prod-sa[0].email
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -425,14 +425,14 @@ output "gcve" {
|
|||
var.fast_features.gcve
|
||||
? {
|
||||
"dev" = {
|
||||
folder = module.branch-gcve-dev-folder.0.id
|
||||
gcs_bucket = module.branch-gcve-dev-gcs.0.name
|
||||
service_account = module.branch-gcve-dev-sa.0.email
|
||||
folder = module.branch-gcve-dev-folder[0].id
|
||||
gcs_bucket = module.branch-gcve-dev-gcs[0].name
|
||||
service_account = module.branch-gcve-dev-sa[0].email
|
||||
}
|
||||
"prod" = {
|
||||
folder = module.branch-gcve-prod-folder.0.id
|
||||
gcs_bucket = module.branch-gcve-prod-gcs.0.name
|
||||
service_account = module.branch-gcve-prod-sa.0.email
|
||||
folder = module.branch-gcve-prod-folder[0].id
|
||||
gcs_bucket = module.branch-gcve-prod-gcs[0].name
|
||||
service_account = module.branch-gcve-prod-sa[0].email
|
||||
}
|
||||
}
|
||||
: {}
|
||||
|
@ -446,14 +446,14 @@ output "gke_multitenant" {
|
|||
var.fast_features.gke
|
||||
? {
|
||||
"dev" = {
|
||||
folder = module.branch-gke-dev-folder.0.id
|
||||
gcs_bucket = module.branch-gke-dev-gcs.0.name
|
||||
service_account = module.branch-gke-dev-sa.0.email
|
||||
folder = module.branch-gke-dev-folder[0].id
|
||||
gcs_bucket = module.branch-gke-dev-gcs[0].name
|
||||
service_account = module.branch-gke-dev-sa[0].email
|
||||
}
|
||||
"prod" = {
|
||||
folder = module.branch-gke-prod-folder.0.id
|
||||
gcs_bucket = module.branch-gke-prod-gcs.0.name
|
||||
service_account = module.branch-gke-prod-sa.0.email
|
||||
folder = module.branch-gke-prod-folder[0].id
|
||||
gcs_bucket = module.branch-gke-prod-gcs[0].name
|
||||
service_account = module.branch-gke-prod-sa[0].email
|
||||
}
|
||||
}
|
||||
: {}
|
||||
|
@ -473,12 +473,12 @@ output "project_factories" {
|
|||
description = "Data for the project factories stage."
|
||||
value = !var.fast_features.project_factory ? {} : {
|
||||
dev = {
|
||||
bucket = module.branch-pf-dev-gcs.0.name
|
||||
sa = module.branch-pf-dev-sa.0.email
|
||||
bucket = module.branch-pf-dev-gcs[0].name
|
||||
sa = module.branch-pf-dev-sa[0].email
|
||||
}
|
||||
prod = {
|
||||
bucket = module.branch-pf-prod-gcs.0.name
|
||||
sa = module.branch-pf-prod-sa.0.email
|
||||
bucket = module.branch-pf-prod-gcs[0].name
|
||||
sa = module.branch-pf-prod-sa[0].email
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -497,9 +497,9 @@ output "sandbox" {
|
|||
value = (
|
||||
var.fast_features.sandbox
|
||||
? {
|
||||
folder = module.branch-sandbox-folder.0.id
|
||||
gcs_bucket = module.branch-sandbox-gcs.0.name
|
||||
service_account = module.branch-sandbox-sa.0.email
|
||||
folder = module.branch-sandbox-folder[0].id
|
||||
gcs_bucket = module.branch-sandbox-gcs[0].name
|
||||
service_account = module.branch-sandbox-sa[0].email
|
||||
}
|
||||
: null
|
||||
)
|
||||
|
|
|
@ -32,11 +32,11 @@ locals {
|
|||
region_shortnames = {
|
||||
for k, v in local._region_tokens : k => join("", [
|
||||
# first token via geo alias map or first character
|
||||
lookup(local._region_geo, v.0, substr(v.0, 0, 1)),
|
||||
lookup(local._region_geo, v[0], substr(v[0], 0, 1)),
|
||||
# first token via cardinal alias map or first character
|
||||
lookup(local._region_cardinal, v.1, substr(v.1, 0, 1)),
|
||||
lookup(local._region_cardinal, v[1], substr(v[1], 0, 1)),
|
||||
# region number as is
|
||||
v.2
|
||||
v[2]
|
||||
])
|
||||
}
|
||||
}
|
||||
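Review bot: The `region_shortnames` local in this hunk is repeated verbatim in three other files in this commit (the hunks carrying the same `@ -32,11 +32,11 @@ locals {` header), so the deprecated-index fix had to be applied four times; consider moving it into a shared module or a single locals file consumed by each stage so that the next lint rule needs one edit. The new `v[0]`/`v[1]`/`v[2]` references also index the token list unconditionally, which presumably fails at plan time for a region name that does not split into three tokens — `local._region_tokens` is defined outside the hunk, so I cannot confirm it guarantees that. A comment above the `join` such as `# each region is assumed to split into exactly three tokens: geo, cardinal, number` would make the assumption explicit. The enclosing `locals` block starts outside the hunk.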
|
|
|
@ -32,11 +32,11 @@ locals {
|
|||
region_shortnames = {
|
||||
for k, v in local._region_tokens : k => join("", [
|
||||
# first token via geo alias map or first character
|
||||
lookup(local._region_geo, v.0, substr(v.0, 0, 1)),
|
||||
lookup(local._region_geo, v[0], substr(v[0], 0, 1)),
|
||||
# first token via cardinal alias map or first character
|
||||
lookup(local._region_cardinal, v.1, substr(v.1, 0, 1)),
|
||||
lookup(local._region_cardinal, v[1], substr(v[1], 0, 1)),
|
||||
# region number as is
|
||||
v.2
|
||||
v[2]
|
||||
])
|
||||
}
|
||||
}
|
||||
|
|
|
@ -51,37 +51,37 @@ module "landing-to-spokes-primary-vpn" {
|
|||
tunnels = {
|
||||
dev-0 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary.0, 2)
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary[0], 2)
|
||||
asn = var.vpn_configs.dev.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary.0, 1)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary[0], 1)}/30"
|
||||
peer_gateway = "dev"
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
dev-1 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary.1, 2)
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary[1], 2)
|
||||
asn = var.vpn_configs.dev.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary.1, 1)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary[1], 1)}/30"
|
||||
peer_gateway = "dev"
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
prod-0 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary.0, 2)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary[0], 2)
|
||||
asn = var.vpn_configs.prod.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary.0, 1)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary[0], 1)}/30"
|
||||
peer_gateway = "prod"
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
prod-1 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary.1, 2)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary[1], 2)
|
||||
asn = var.vpn_configs.prod.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary.1, 1)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary[1], 1)}/30"
|
||||
peer_gateway = "prod"
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
|
@ -104,19 +104,19 @@ module "landing-to-spokes-secondary-vpn" {
|
|||
tunnels = {
|
||||
prod-0 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary.0, 2)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary[0], 2)
|
||||
asn = var.vpn_configs.prod.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary.0, 1)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary[0], 1)}/30"
|
||||
peer_gateway = "prod"
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
prod-1 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary.1, 2)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary[1], 2)
|
||||
asn = var.vpn_configs.prod.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary.1, 1)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary[1], 1)}/30"
|
||||
peer_gateway = "prod"
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
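Review bot: The new `bgp_session_range` lines still hard-code the `/30` suffix while the peer `address` on the line above is derived from the same `local.bgp_session_ranges.*` entry with `cidrhost`, so an entry that is not a /30 would yield a session range that does not match the peer address. Deriving the prefix length from the entry keeps the two consistent, e.g. `bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary[0], 1)}/${split("/", local.bgp_session_ranges.dev-primary[0])[1]}"`, or alternatively a `validation` block on the input that feeds `local.bgp_session_ranges` (defined outside this hunk) asserting a /30. The same pattern appears in the `landing-to-spokes-secondary-vpn` hunk below and in the `dev-to-landing-primary-vpn`, `prod-to-landing-primary-vpn` and `prod-to-landing-secondary-vpn` hunks. The module block starts outside the hunk.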
|
|
|
@ -32,19 +32,19 @@ module "dev-to-landing-primary-vpn" {
|
|||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary.0, 1)
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary[0], 1)
|
||||
asn = var.vpn_configs.landing.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary.0, 2)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary[0], 2)}/30"
|
||||
shared_secret = module.landing-to-spokes-primary-vpn.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary.1, 1)
|
||||
address = cidrhost(local.bgp_session_ranges.dev-primary[1], 1)
|
||||
asn = var.vpn_configs.landing.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary.1, 2)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.dev-primary[1], 2)}/30"
|
||||
shared_secret = module.landing-to-spokes-primary-vpn.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
|
|
|
@ -32,19 +32,19 @@ module "prod-to-landing-primary-vpn" {
|
|||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary.0, 1)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary[0], 1)
|
||||
asn = var.vpn_configs.landing.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary.0, 2)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary[0], 2)}/30"
|
||||
shared_secret = module.landing-to-spokes-primary-vpn.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary.1, 1)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-primary[1], 1)
|
||||
asn = var.vpn_configs.landing.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary.1, 2)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-primary[1], 2)}/30"
|
||||
shared_secret = module.landing-to-spokes-primary-vpn.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
|
@ -67,19 +67,19 @@ module "prod-to-landing-secondary-vpn" {
|
|||
tunnels = {
|
||||
0 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary.0, 1)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary[0], 1)
|
||||
asn = var.vpn_configs.landing.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary.0, 2)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary[0], 2)}/30"
|
||||
shared_secret = module.landing-to-spokes-secondary-vpn.random_secret
|
||||
vpn_gateway_interface = 0
|
||||
}
|
||||
1 = {
|
||||
bgp_peer = {
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary.1, 1)
|
||||
address = cidrhost(local.bgp_session_ranges.prod-secondary[1], 1)
|
||||
asn = var.vpn_configs.landing.asn
|
||||
}
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary.1, 2)}/30"
|
||||
bgp_session_range = "${cidrhost(local.bgp_session_ranges.prod-secondary[1], 2)}/30"
|
||||
shared_secret = module.landing-to-spokes-secondary-vpn.random_secret
|
||||
vpn_gateway_interface = 1
|
||||
}
|
||||
|
|
|
@ -41,9 +41,9 @@ locals {
|
|||
nva_locality = {
|
||||
for v in setproduct(keys(var.regions), local.nva_zones) :
|
||||
join("-", v) => {
|
||||
name = v.0
|
||||
region = var.regions[v.0]
|
||||
zone = v.1
|
||||
name = v[0]
|
||||
region = var.regions[v[0]]
|
||||
zone = v[1]
|
||||
}
|
||||
}
|
||||
nva_zones = ["b", "c"]
|
||||
|
|
|
@ -110,11 +110,11 @@ output "vpn_gateway_endpoints" {
|
|||
description = "External IP Addresses for the GCP VPN gateways."
|
||||
value = {
|
||||
onprem-primary = var.vpn_onprem_primary_config == null ? {} : {
|
||||
for v in module.landing-to-onprem-primary-vpn.0.gateway.vpn_interfaces :
|
||||
for v in module.landing-to-onprem-primary-vpn[0].gateway.vpn_interfaces :
|
||||
v.id => v.ip_address
|
||||
}
|
||||
onprem-secondary = var.vpn_onprem_secondary_config == null ? {} : {
|
||||
for v in module.landing-to-onprem-secondary-vpn.0.gateway.vpn_interfaces :
|
||||
for v in module.landing-to-onprem-secondary-vpn[0].gateway.vpn_interfaces :
|
||||
v.id => v.ip_address
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,11 +32,11 @@ locals {
|
|||
region_shortnames = {
|
||||
for k, v in local._region_tokens : k => join("", [
|
||||
# first token via geo alias map or first character
|
||||
lookup(local._region_geo, v.0, substr(v.0, 0, 1)),
|
||||
lookup(local._region_geo, v[0], substr(v[0], 0, 1)),
|
||||
# first token via cardinal alias map or first character
|
||||
lookup(local._region_cardinal, v.1, substr(v.1, 0, 1)),
|
||||
lookup(local._region_cardinal, v[1], substr(v[1], 0, 1)),
|
||||
# region number as is
|
||||
v.2
|
||||
v[2]
|
||||
])
|
||||
}
|
||||
}
|
||||
|
|
|
@ -109,11 +109,11 @@ output "vpn_gateway_endpoints" {
|
|||
description = "External IP Addresses for the GCP VPN gateways."
|
||||
value = {
|
||||
dev-primary = var.vpn_onprem_dev_primary_config == null ? {} : {
|
||||
for v in module.landing-to-onprem-dev-primary-vpn.0.gateway.vpn_interfaces :
|
||||
for v in module.landing-to-onprem-dev-primary-vpn[0].gateway.vpn_interfaces :
|
||||
v.id => v.ip_address
|
||||
}
|
||||
prod-primary = var.vpn_onprem_prod_primary_config == null ? {} : {
|
||||
for v in module.landing-to-onprem-prod-primary-vpn.0.gateway.vpn_interfaces :
|
||||
for v in module.landing-to-onprem-prod-primary-vpn[0].gateway.vpn_interfaces :
|
||||
v.id => v.ip_address
|
||||
}
|
||||
}
|
||||
|
|
|
@ -32,11 +32,11 @@ locals {
|
|||
region_shortnames = {
|
||||
for k, v in local._region_tokens : k => join("", [
|
||||
# first token via geo alias map or first character
|
||||
lookup(local._region_geo, v.0, substr(v.0, 0, 1)),
|
||||
lookup(local._region_geo, v[0], substr(v[0], 0, 1)),
|
||||
# first token via cardinal alias map or first character
|
||||
lookup(local._region_cardinal, v.1, substr(v.1, 0, 1)),
|
||||
lookup(local._region_cardinal, v[1], substr(v[1], 0, 1)),
|
||||
# region number as is
|
||||
v.2
|
||||
v[2]
|
||||
])
|
||||
}
|
||||
}
|
||||
|
|