FAST: add support for project parents to bootstrap stage (#799)
* FAST: add support for project parents to bootstrap stage * change as per review comments
parent
1e62078e37
commit
6035dc1491
|
@ -473,6 +473,7 @@ The remaining configuration is manual, as it regards the repositories themselves
|
||||||
| [iam_additive](variables.tf#L146) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map(list(string))</code> | | <code>{}</code> | |
|
| [iam_additive](variables.tf#L146) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||||
| [log_sinks](variables.tf#L154) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" type = "bigquery" } vpc-sc = { filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" type = "bigquery" } }">{…}</code> | |
|
| [log_sinks](variables.tf#L154) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" type = "bigquery" } vpc-sc = { filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" type = "bigquery" } }">{…}</code> | |
|
||||||
| [outputs_location](variables.tf#L188) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
| [outputs_location](variables.tf#L188) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||||
|
| [project_parent_ids](variables.tf#L204) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | <code title="object({ automation = string billing = string logging = string })">object({…})</code> | | <code title="{ automation = null billing = null logging = null }">{…}</code> | |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,9 @@ module "automation-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
billing_account = var.billing_account.id
|
billing_account = var.billing_account.id
|
||||||
name = "iac-core-0"
|
name = "iac-core-0"
|
||||||
parent = "organizations/${var.organization.id}"
|
parent = coalesce(
|
||||||
|
var.project_parent_ids.automation, "organizations/${var.organization.id}"
|
||||||
|
)
|
||||||
prefix = local.prefix
|
prefix = local.prefix
|
||||||
# human (groups) IAM bindings
|
# human (groups) IAM bindings
|
||||||
group_iam = {
|
group_iam = {
|
||||||
|
|
|
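Review bot: The new `parent = coalesce(var.project_parent_ids.automation, ...)` allows the automation project to sit under a folder, but neither this block nor the variable description tells the operator that the project then inherits that folder's IAM bindings and organization policies. The same applies to the `billing-exp-0` and `audit-logs-0` projects in the two following sections. Going by their names these projects appear to hold the IaC automation resources, the billing export and the audit logs, so I would add a comment above the argument such as `# a folder parent adds inherited IAM: restrict who holds roles on that folder` and repeat the caveat in the README row for `project_parent_ids`. The module block continues outside the hunk.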
@ -33,7 +33,9 @@ module "billing-export-project" {
|
||||||
count = local.billing_org ? 1 : 0
|
count = local.billing_org ? 1 : 0
|
||||||
billing_account = var.billing_account.id
|
billing_account = var.billing_account.id
|
||||||
name = "billing-exp-0"
|
name = "billing-exp-0"
|
||||||
parent = "organizations/${var.organization.id}"
|
parent = coalesce(
|
||||||
|
var.project_parent_ids.billing, "organizations/${var.organization.id}"
|
||||||
|
)
|
||||||
prefix = local.prefix
|
prefix = local.prefix
|
||||||
iam = {
|
iam = {
|
||||||
"roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
|
"roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
|
||||||
|
|
|
@ -23,7 +23,9 @@ locals {
|
||||||
module "log-export-project" {
|
module "log-export-project" {
|
||||||
source = "../../../modules/project"
|
source = "../../../modules/project"
|
||||||
name = "audit-logs-0"
|
name = "audit-logs-0"
|
||||||
parent = "organizations/${var.organization.id}"
|
parent = coalesce(
|
||||||
|
var.project_parent_ids.logging, "organizations/${var.organization.id}"
|
||||||
|
)
|
||||||
prefix = local.prefix
|
prefix = local.prefix
|
||||||
billing_account = var.billing_account.id
|
billing_account = var.billing_account.id
|
||||||
iam = {
|
iam = {
|
||||||
|
|
|
@ -41,6 +41,9 @@ locals {
|
||||||
[module.automation-tf-bootstrap-sa.iam_email],
|
[module.automation-tf-bootstrap-sa.iam_email],
|
||||||
local._iam_bootstrap_user
|
local._iam_bootstrap_user
|
||||||
)
|
)
|
||||||
|
"roles/resourcemanager.projectMover" = [
|
||||||
|
module.automation-tf-bootstrap-sa.iam_email
|
||||||
|
]
|
||||||
"roles/resourcemanager.tagAdmin" = [
|
"roles/resourcemanager.tagAdmin" = [
|
||||||
module.automation-tf-resman-sa.iam_email
|
module.automation-tf-resman-sa.iam_email
|
||||||
]
|
]
|
||||||
|
|
|
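Review bot: `roles/resourcemanager.projectMover` is bound to the bootstrap service account unconditionally, at what looks like organization level, so the grant exists even when every `project_parent_ids` value is null and no project is placed under a folder. I would add the binding only when at least one parent is set, or at minimum record why it is always present with a comment such as `# needed to move stage projects into the folders set in var.project_parent_ids`. The enclosing `locals` map starts and ends outside the hunk, so it cannot be confirmed from here whether this is the authoritative or the additive binding set.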
@ -200,3 +200,18 @@ variable "prefix" {
|
||||||
error_message = "Use a maximum of 9 characters for prefix."
|
error_message = "Use a maximum of 9 characters for prefix."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "project_parent_ids" {
|
||||||
|
description = "Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent."
|
||||||
|
type = object({
|
||||||
|
automation = string
|
||||||
|
billing = string
|
||||||
|
logging = string
|
||||||
|
})
|
||||||
|
default = {
|
||||||
|
automation = null
|
||||||
|
billing = null
|
||||||
|
logging = null
|
||||||
|
}
|
||||||
|
nullable = false
|
||||||
|
}
|
||||||
|
|
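Review bot: `project_parent_ids` accepts any string although its description promises `folders/nnnnnnn`, so a malformed value or an `organizations/...` id is only caught later, when the project module is applied. The variable block should carry a `validation` that accepts null or a `folders/<digits>` id for each of the three attributes. `coalesce` also skips empty strings, so `""` currently behaves like null; the validation below rejects it, which is stricter but makes the input unambiguous.

```hcl
variable "project_parent_ids" {
  # … unchanged: description, type, default …
  nullable = false
  validation {
    condition = alltrue([
      for v in values(var.project_parent_ids) :
      v == null || can(regex("^folders/[0-9]+$", v))
    ])
    error_message = "Parent ids must be null or in folders/nnnnnnn format."
  }
}
```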