Merge branch 'master' into lcaggio/sql-kms
4c4c879cce
|
@ -183,20 +183,21 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
|
|||
| [groups](variables.tf#L118) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [organization_policy_configs](variables.tf#L143) | Organization policies customization. | <code title="object({ allowed_policy_member_domains = list(string) })">object({…})</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L151) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [team_folders](variables.tf#L168) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
| [tag_names](variables.tf#L168) | Customized names for resource management tags. | <code title="object({ context = string environment = string })">object({…})</code> | | <code title="{ context = "context" environment = "environment" }">{…}</code> | |
|
||||
| [team_folders](variables.tf#L185) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [cicd_repositories](outputs.tf#L156) | WIF configuration for CI/CD repositories. | | |
|
||||
| [dataplatform](outputs.tf#L168) | Data for the Data Platform stage. | | |
|
||||
| [networking](outputs.tf#L184) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L193) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L209) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L216) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L226) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L236) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L249) | Terraform variable files for the following stages. | ✓ | |
|
||||
| [cicd_repositories](outputs.tf#L157) | WIF configuration for CI/CD repositories. | | |
|
||||
| [dataplatform](outputs.tf#L169) | Data for the Data Platform stage. | | |
|
||||
| [networking](outputs.tf#L185) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L194) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L210) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L217) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L227) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L237) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L250) | Terraform variable files for the following stages. | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -21,7 +21,9 @@ module "branch-dp-folder" {
|
|||
parent = "organizations/${var.organization.id}"
|
||||
name = "Data Platform"
|
||||
tag_bindings = {
|
||||
context = try(module.organization.tag_values["context/data"].id, null)
|
||||
context = try(
|
||||
module.organization.tag_values["${var.tag_names.context}/data"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -39,7 +41,9 @@ module "branch-dp-dev-folder" {
|
|||
"roles/resourcemanager.projectCreator" = [module.branch-dp-dev-sa.iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(module.organization.tag_values["environment/development"].id, null)
|
||||
context = try(
|
||||
module.organization.tag_values["${var.tag_names.environment}/development"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -57,7 +61,9 @@ module "branch-dp-prod-folder" {
|
|||
"roles/resourcemanager.projectCreator" = [module.branch-dp-prod-sa.iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(module.organization.tag_values["environment/production"].id, null)
|
||||
context = try(
|
||||
module.organization.tag_values["${var.tag_names.environment}/production"].id, null
|
||||
)
|
||||
}
|
||||
}
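Review bot: The dev and prod data platform folders bind the environment tag under the key `context` (`context = try(` followed by `module.organization.tag_values["${var.tag_names.environment}/development"].id` in the dev hunk, and the production equivalent in the prod hunk), whereas the networking and teams stages use `environment =` for the same binding. If the folder module treats the key only as a label the difference is cosmetic, but a reader scanning tag_bindings will assume the context tag is what gets bound; I'd rename both to `environment = try(`. The enclosing module blocks start before each hunk.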
|
||||
|
||||
|
|
|
@ -39,7 +39,9 @@ module "branch-network-folder" {
|
|||
"roles/compute.xpnAdmin" = [module.branch-network-sa.iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(module.organization.tag_values["context/networking"].id, null)
|
||||
context = try(
|
||||
module.organization.tag_values["${var.tag_names.context}/networking"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -54,7 +56,9 @@ module "branch-network-prod-folder" {
|
|||
]
|
||||
}
|
||||
tag_bindings = {
|
||||
environment = try(module.organization.tag_values["environment/production"].id, null)
|
||||
environment = try(
|
||||
module.organization.tag_values["${var.tag_names.environment}/production"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -69,7 +73,9 @@ module "branch-network-dev-folder" {
|
|||
]
|
||||
}
|
||||
tag_bindings = {
|
||||
environment = try(module.organization.tag_values["environment/development"].id, null)
|
||||
environment = try(
|
||||
module.organization.tag_values["${var.tag_names.environment}/development"].id, null
|
||||
)
|
||||
}
|
||||
}
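Review bot: `try(module.organization.tag_values["${var.tag_names.context}/networking"].id, null)` turns a lookup miss into a silent null binding, and now that the tag name comes from a variable the key is no longer a literal the reader can check against organization.tf by eye. If the name in `var.tag_names` ever diverges from the key the organization module emits, the folder is created without the tag and the tag-scoped IAM conditions in organization.tf simply stop matching it, with no plan-time signal. Whether tag_values can legitimately lack the key (for instance before the tag exists) is not visible here; if it cannot, a plain index `module.organization.tag_values["${var.tag_names.context}/networking"].id` would fail loudly instead. The same pattern appears in the data platform, sandbox, security and teams hunks. Each module block starts before its hunk.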
|
||||
|
||||
|
|
|
@ -38,7 +38,9 @@ module "branch-sandbox-folder" {
|
|||
}
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(module.organization.tag_values["context/sandbox"].id, null)
|
||||
context = try(
|
||||
module.organization.tag_values["${var.tag_names.context}/sandbox"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -40,7 +40,9 @@ module "branch-security-folder" {
|
|||
"roles/resourcemanager.projectCreator" = [module.branch-security-sa.iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
context = try(module.organization.tag_values["context/security"].id, null)
|
||||
context = try(
|
||||
module.organization.tag_values["${var.tag_names.context}/security"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -21,7 +21,9 @@ module "branch-teams-folder" {
|
|||
parent = "organizations/${var.organization.id}"
|
||||
name = "Teams"
|
||||
tag_bindings = {
|
||||
context = try(module.organization.tag_values["context/teams"].id, null)
|
||||
context = try(
|
||||
module.organization.tag_values["${var.tag_names.context}/teams"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -90,7 +92,9 @@ module "branch-teams-team-dev-folder" {
|
|||
"roles/resourcemanager.projectCreator" = [module.branch-teams-dev-pf-sa.iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
environment = try(module.organization.tag_values["environment/development"].id, null)
|
||||
environment = try(
|
||||
module.organization.tag_values["${var.tag_names.environment}/development"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -111,7 +115,9 @@ module "branch-teams-team-prod-folder" {
|
|||
"roles/resourcemanager.projectCreator" = [module.branch-teams-prod-pf-sa.iam_email]
|
||||
}
|
||||
tag_bindings = {
|
||||
environment = try(module.organization.tag_values["environment/production"].id, null)
|
||||
environment = try(
|
||||
module.organization.tag_values["${var.tag_names.environment}/production"].id, null
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -151,7 +151,7 @@ module "organization" {
|
|||
# )
|
||||
}
|
||||
tags = {
|
||||
context = {
|
||||
(var.tag_names.context) = {
|
||||
description = "Resource management context."
|
||||
iam = {}
|
||||
values = {
|
||||
|
@ -163,7 +163,7 @@ module "organization" {
|
|||
teams = null
|
||||
}
|
||||
}
|
||||
environment = {
|
||||
(var.tag_names.environment) = {
|
||||
description = "Environment definition."
|
||||
iam = {}
|
||||
values = {
|
||||
|
@ -190,9 +190,9 @@ resource "google_organization_iam_member" "org_policy_admin" {
|
|||
title = "org_policy_tag_scoped"
|
||||
description = "Org policy tag scoped grant for ${each.value.0}/${each.value.1}."
|
||||
expression = <<-END
|
||||
resource.matchTag('${var.organization.id}/context', '${each.value.0}')
|
||||
resource.matchTag('${var.organization.id}/${var.tag_names.context}', '${each.value.0}')
|
||||
&&
|
||||
resource.matchTag('${var.organization.id}/environment', '${each.value.1}')
|
||||
resource.matchTag('${var.organization.id}/${var.tag_names.environment}', '${each.value.1}')
|
||||
END
|
||||
}
|
||||
}
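Review bot: The condition at `resource.matchTag('${var.organization.id}/${var.tag_names.context}', '${each.value.0}')` and its environment counterpart now splice a user-supplied name straight into the CEL expression without quoting, and the only guard on that variable in this commit is a non-null check. A name containing a quote or another CEL-significant character would yield a malformed or differently-scoped condition rather than a clear error. I'd add a comment above `expression = <<-END`: `# tag key names come from var.tag_names and are interpolated into CEL unquoted; keep the variable's validation aligned with the tag key short-name character set`. The resource block starts before the hunk.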
|
||||
|
|
|
@ -150,6 +150,7 @@ locals {
|
|||
tfvars = {
|
||||
folder_ids = local.folder_ids
|
||||
service_accounts = local.service_accounts
|
||||
tag_names = var.tag_names
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -165,6 +165,23 @@ variable "prefix" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "tag_names" {
|
||||
description = "Customized names for resource management tags."
|
||||
type = object({
|
||||
context = string
|
||||
environment = string
|
||||
})
|
||||
default = {
|
||||
context = "context"
|
||||
environment = "environment"
|
||||
}
|
||||
nullable = false
|
||||
validation {
|
||||
condition = alltrue([for k, v in var.tag_names : v != null])
|
||||
error_message = "Tag names cannot be null."
|
||||
}
|
||||
}
|
||||
|
||||
variable "team_folders" {
|
||||
description = "Team folders to be created. Format is described in a code comment."
|
||||
type = map(object({
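Review bot: The validation on `tag_names` only rejects null values, yet the names are used as computed object keys in organization.tf (`(var.tag_names.context) = {` and `(var.tag_names.environment) = {` in the same `tags` map) and interpolated unquoted into the org policy IAM condition expression. Two identical names would produce duplicate keys in that map, and a name outside the tag key short-name character set would produce an invalid tag key or a malformed condition, in both cases surfacing far from this variable. I'd extend the validation to require distinct names and, if I recall the documented short-name rule correctly, 1-63 characters of alphanumerics, dashes, underscores and dots beginning and ending alphanumeric. The team_folders block at the end of the hunk continues outside it.
```hcl
  nullable = false
  validation {
    condition = (
      alltrue([
        for k, v in var.tag_names :
        v != null && can(regex("^[a-zA-Z0-9]([a-zA-Z0-9._-]{0,61}[a-zA-Z0-9])?$", v))
      ])
      && var.tag_names.context != var.tag_names.environment
    )
    error_message = "Tag names cannot be null, must differ from each other and must be valid tag key short names."
  }
```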
|
||||
|
|