From 08849acc6c6902444d722834a49802f4fa3bb97e Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 9 Sep 2022 20:00:02 +0200 Subject: [PATCH 1/4] update changelog --- CHANGELOG.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66a26032..a01f515f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,10 +4,9 @@ All notable changes to this project will be documented in this file. ## [Unreleased] -## [18.0.0] - 2022-09-09 - +- [[#808](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/808)] Rename examples to blueprints ([juliocc](https://github.com/juliocc)) ### FAST @@ -50,6 +49,8 @@ All notable changes to this project will be documented in this file. ### EXAMPLES +- [[#801](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/801)] Update Cloud SQL example ([lcaggio](https://github.com/lcaggio)) +- [[#802](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/802)] Fix Data Platform example ([lcaggio](https://github.com/lcaggio)) - [[#790](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/790)] Cloud Identity Group factory ([lcaggio](https://github.com/lcaggio)) - [[#740](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/740)] Update to multiple READMEs ([bluPhy](https://github.com/bluPhy)) - [[#738](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/738)] Improve Data Playground example ([lcaggio](https://github.com/lcaggio)) 
@@ -65,6 +66,7 @@ All notable changes to this project will be documented in this file. ### MODULES +- [[#805](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/805)] Change `modules/project` service_config default ([juliocc](https://github.com/juliocc)) - [[#787](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/787)] Support manager role in cloud identity group module ([lcaggio](https://github.com/lcaggio)) - [[#786](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/786)] Secret manager flag sensitive output ([ddaluka](https://github.com/ddaluka)) - [[#775](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/775)] net-glb: Added support for regional external HTTP(s) load balancing ([rosmo](https://github.com/rosmo)) @@ -107,7 +109,7 @@ All notable changes to this project will be documented in this file. ### TOOLS - [[#796](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/796)] Remove duplicate path component from doc_examples test names. ([juliocc](https://github.com/juliocc)) -- [[#794](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/794)] Test documentation examples in the `blueprints/` folder ([juliocc](https://github.com/juliocc)) +- [[#794](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/794)] Test documentation examples in the `examples/` folder ([juliocc](https://github.com/juliocc)) - [[#788](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/788)] fix yaml quotes for merge-pr workflow ([drebes](https://github.com/drebes)) - [[#763](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/763)] Changelog generator ([ludoo](https://github.com/ludoo)) - [[#762](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/762)] Update changelog on pull request merge ([ludoo](https://github.com/ludoo)) 
@@ -608,8 +610,7 @@ All notable changes to this project will be documented in this file. -[Unreleased]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v18.0.0...HEAD -[18.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v16.0.0...v18.0.0 +[Unreleased]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v16.0.0...HEAD [16.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v15.0.0...v16.0.0 [15.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v14.0.0...v15.0.0 [14.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v13.0.0...v14.0.0 @@ -672,4 +673,4 @@ All notable changes to this project will be documented in this file. [1.3.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.2.0...v1.3.0 [1.2.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.0.0...v1.1.0 -[1.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v0.1...v1.0.0 +[1.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v0.1...v1.0.0 \ No newline at end of file From 3cd366139f5682715c4f8dd89391d6745fba4bd9 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 9 Sep 2022 20:01:28 +0200 Subject: [PATCH 2/4] Update CHANGELOG.md --- CHANGELOG.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a01f515f..a98606f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file. ## [Unreleased] - +## [18.0.0] - 2022-09-09 - [[#808](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/808)] Rename examples to blueprints ([juliocc](https://github.com/juliocc)) 
@@ -610,7 +610,8 @@ All notable changes to this project will be documented in this file. -[Unreleased]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v16.0.0...HEAD +[Unreleased]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v18.0.0...HEAD +[18.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v16.0.0...v18.0.0 [16.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v15.0.0...v16.0.0 [15.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v14.0.0...v15.0.0 [14.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v13.0.0...v14.0.0 @@ -673,4 +674,4 @@ All notable changes to this project will be documented in this file. [1.3.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.2.0...v1.3.0 [1.2.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.0.0...v1.1.0 -[1.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v0.1...v1.0.0 \ No newline at end of file +[1.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v0.1...v1.0.0 From 8b20475698585289716927dd13a81728cde5739b Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Fri, 9 Sep 2022 20:04:46 +0200 Subject: [PATCH 3/4] update changelog --- CHANGELOG.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a98606f3..affaf977 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,11 @@ All notable changes to this project will be documented in this file. ## [Unreleased] + ## [18.0.0] - 2022-09-09 + + - [[#808](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/808)] Rename examples to blueprints ([juliocc](https://github.com/juliocc)) ### FAST 
@@ -674,4 +677,4 @@ All notable changes to this project will be documented in this file. [1.3.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.2.0...v1.3.0 [1.2.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v1.0.0...v1.1.0 -[1.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v0.1...v1.0.0 +[1.0.0]: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/compare/v0.1...v1.0.0 \ No newline at end of file From 6253df72c9238b6c93b859a74806977a6312eee7 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Mon, 12 Sep 2022 07:26:48 +0200 Subject: [PATCH 4/4] working (#807) --- fast/assets/templates/workflow-gitlab.yaml | 167 ++++++++------------- 1 file changed, 65 insertions(+), 102 deletions(-) diff --git a/fast/assets/templates/workflow-gitlab.yaml b/fast/assets/templates/workflow-gitlab.yaml index f138ee30..b685be8a 100644 --- a/fast/assets/templates/workflow-gitlab.yaml +++ b/fast/assets/templates/workflow-gitlab.yaml 
@@ -13,145 +13,108 @@ # limitations under the License. default: - image: - name: registry.gitlab.com/gitlab-org/terraform-images/releases/1.1 before_script: - - | - ssh-agent -a $SSH_AUTH_SOCK > /dev/null - echo "$CICD_MODULES_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null - mkdir -p ~/.ssh - ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts - ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts - cd "$${TF_ROOT}" - cp -R .tf-setup/. . + - echo "${CI_JOB_JWT_V2}" > token.txt + image: + name: hashicorp/terraform + entrypoint: + - "/usr/bin/env" + - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" variables: + GOOGLE_CREDENTIALS: cicd-sa-credentials.json FAST_OUTPUTS_BUCKET: ${outputs_bucket} FAST_SERVICE_ACCOUNT: ${service_account} FAST_WIF_PROVIDER: ${identity_provider} SSH_AUTH_SOCK: /tmp/ssh_agent.sock TF_PROVIDERS_FILE: ${tf_providers_file} TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - TF_VERSION: 1.1.7 - TF_ROOT: $${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project stages: - gcp-auth - - tf-setup - - tf-init - - tf-validate + - tf-files - tf-plan - tf-apply cache: - key: "$${TF_ROOT}" + key: gcp-auth paths: - - $${TF_ROOT}/.terraform/ - - $${TF_ROOT}/.tf-setup/ + - cicd-sa-credentials.json + - .tf-setup -# Configure GCP Auth with Access Token gcp-auth: + image: + name: google/cloud-sdk:slim stage: gcp-auth - before_script: [] script: - | - PAYLOAD="$(cat <> gcp-auth.env - - if [ -z "$GOOGLE_OAUTH_ACCESS_TOKEN" ]; then exit 1; fi -# WIP - will have to find a better way of doing this - artifacts: - reports: - dotenv: gcp-auth.env - -# Downloading from bucket into cache -tf-setup: - stage: tf-setup - before_script: [] - script: - - | - mkdir -p .tf-setup - curl -X GET \ - -H "Authorization: Bearer $GOOGLE_OAUTH_ACCESS_TOKEN" \ - -o ".tf-setup/$${TF_PROVIDERS_FILE}" \ - "https://storage.googleapis.com/$${FAST_OUTPUTS_BUCKET}/providers/$${TF_PROVIDERS_FILE}" 
- for f in $TF_VAR_FILES; do - curl -X GET \ - -H "Authorization: Bearer $GOOGLE_OAUTH_ACCESS_TOKEN" \ - -o ".tf-setup/$f" \ - "https://storage.googleapis.com/$${FAST_OUTPUTS_BUCKET}/tfvars/$f" - done + gcloud iam workload-identity-pools create-cred-config \ + ${FAST_WIF_PROVIDER} \ + --service-account=${FAST_SERVICE_ACCOUNT} \ + --service-account-token-lifetime-seconds=3600 \ + --output-file=${GOOGLE_CREDENTIALS} \ + --credential-source-file=token.txt +tf-files: dependencies: - gcp-auth - -# Terraform Init -tf-init: - stage: tf-init + image: + name: google/cloud-sdk:slim + stage: tf-files script: + # - gcloud components install -q alpha + - gcloud config set auth/credential_file_override ${GOOGLE_CREDENTIALS} + - mkdir -p .tf-setup - | - gitlab-terraform init - dependencies: - - gcp-auth - -# Terraform Validate -tf-validate: - stage: tf-validate - script: + gcloud alpha storage cp -r \ + "gs://${FAST_OUTPUTS_BUCKET}/providers/${TF_PROVIDERS_FILE}" .tf-setup/ - | - gitlab-terraform validate - dependencies: - - gcp-auth + gcloud alpha storage cp -r \ + "gs://${FAST_OUTPUTS_BUCKET}/tfvars" .tf-setup/ -# Terraform Plan tf-plan: + # uncomment the following lines and set the SSH key secret for private modules repo + # before_script: + # - | + # ssh-agent -a $SSH_AUTH_SOCK > /dev/null + # echo "$CICD_MODULES_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null + # mkdir -p ~/.ssh + # ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts + # ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts stage: tf-plan script: - - | - gitlab-terraform plan - gitlab-terraform plan-json + - cp .tf-setup/${TF_PROVIDERS_FILE} ./ + - | + for f in ${TF_VAR_FILES}; do + ln -s ".tf-setup/tfvars/$f" ./ + done + - terraform init + - terraform validate + - terraform plan dependencies: - - gcp-auth - artifacts: - paths: - - $${TF_ROOT}/plan.cache - reports: - terraform: $${TF_ROOT}/plan.json + - tf-files -# Terraform Apply tf-apply: + # uncomment the following lines and set 
the SSH key secret for private modules repo + # before_script: + # - | + # ssh-agent -a $SSH_AUTH_SOCK > /dev/null + # echo "$CICD_MODULES_KEY" | base64 -d | tr -d '\r' | ssh-add - > /dev/null + # mkdir -p ~/.ssh + # ssh-keyscan -H 'gitlab.com' >> ~/.ssh/known_hosts + # ssh-keyscan gitlab.com | sort -u - ~/.ssh/known_hosts -o ~/.ssh/known_hosts stage: tf-apply script: - - cd "$${TF_ROOT}" - - gitlab-terraform apply + - cp .tf-setup/${TF_PROVIDERS_FILE} ./ + - | + for f in ${TF_VAR_FILES}; do + ln -s ".tf-setup/tfvars/$f" ./ + done + - terraform init + - terraform validate + - terraform apply -input=false -auto-approve + dependencies: + - tf-files when: manual only: variables: - $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - dependencies: - - gcp-auth \ No newline at end of file
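Review bot: The images introduced here, `hashicorp/terraform` under `default.image` and `google/cloud-sdk:slim` in `gcp-auth` and `tf-files`, are floating tags, whereas the removed lines pinned a 1.1 release image and `TF_VERSION: 1.1.7`. These jobs write the CI job JWT to `token.txt`, use the service-account credential configuration and end in `terraform apply -input=false -auto-approve`, so whatever the tag resolves to at run time executes with that access and with an unreviewed Terraform version. Pin each image to a release tag and digest, e.g. `name: hashicorp/terraform:<TF_VERSION>@sha256:<DIGEST>` (placeholders, to be filled with reviewed values). Separately, the added shell references such as `${CI_JOB_JWT_V2}` and `${GOOGLE_CREDENTIALS}` are not escaped as `$${...}` the way the removed lines were. If this file is still rendered as a Terraform template, as `${outputs_bucket}` suggests, they would be evaluated at render time instead of being passed through to the runner.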