FAST: add support for project parents to bootstrap stage (#799)
* FAST: add support for project parents to bootstrap stage * change as per review comments
parent
1e62078e37
commit
6035dc1491
|
@ -473,6 +473,7 @@ The remaining configuration is manual, as it regards the repositories themselves
|
|||
| [iam_additive](variables.tf#L146) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [log_sinks](variables.tf#L154) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" type = "bigquery" } vpc-sc = { filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" type = "bigquery" } }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L188) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [project_parent_ids](variables.tf#L204) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | <code title="object({ automation = string billing = string logging = string })">object({…})</code> | | <code title="{ automation = null billing = null logging = null }">{…}</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -20,8 +20,10 @@ module "automation-project" {
|
|||
source = "../../../modules/project"
|
||||
billing_account = var.billing_account.id
|
||||
name = "iac-core-0"
|
||||
parent = "organizations/${var.organization.id}"
|
||||
prefix = local.prefix
|
||||
parent = coalesce(
|
||||
var.project_parent_ids.automation, "organizations/${var.organization.id}"
|
||||
)
|
||||
prefix = local.prefix
|
||||
# human (groups) IAM bindings
|
||||
group_iam = {
|
||||
(local.groups.gcp-devops) = [
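Review bot: The new `parent = coalesce(var.project_parent_ids.automation, ...)` argument lets this project sit under a folder, but nothing beside it says that the project then inherits that folder's IAM bindings and organization policies. This project appears to be the IaC core project (`iac-core-0`), so anyone holding broad roles on the chosen folder would presumably gain inherited access to whatever automation resources it hosts. I would add a comment above the argument such as `# parent folder IAM and org policies are inherited here: keep folder-level access as restricted as org-level access`. The same applies to the `billing-export-project` and `log-export-project` sections, where billing data and audit logs land. The module block starts and ends outside the hunk.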
|
||||
|
|
|
@ -33,8 +33,10 @@ module "billing-export-project" {
|
|||
count = local.billing_org ? 1 : 0
|
||||
billing_account = var.billing_account.id
|
||||
name = "billing-exp-0"
|
||||
parent = "organizations/${var.organization.id}"
|
||||
prefix = local.prefix
|
||||
parent = coalesce(
|
||||
var.project_parent_ids.billing, "organizations/${var.organization.id}"
|
||||
)
|
||||
prefix = local.prefix
|
||||
iam = {
|
||||
"roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
|
||||
}
|
||||
|
|
|
@ -21,9 +21,11 @@ locals {
|
|||
}
|
||||
|
||||
module "log-export-project" {
|
||||
source = "../../../modules/project"
|
||||
name = "audit-logs-0"
|
||||
parent = "organizations/${var.organization.id}"
|
||||
source = "../../../modules/project"
|
||||
name = "audit-logs-0"
|
||||
parent = coalesce(
|
||||
var.project_parent_ids.logging, "organizations/${var.organization.id}"
|
||||
)
|
||||
prefix = local.prefix
|
||||
billing_account = var.billing_account.id
|
||||
iam = {
|
||||
|
|
|
@ -41,6 +41,9 @@ locals {
|
|||
[module.automation-tf-bootstrap-sa.iam_email],
|
||||
local._iam_bootstrap_user
|
||||
)
|
||||
"roles/resourcemanager.projectMover" = [
|
||||
module.automation-tf-bootstrap-sa.iam_email
|
||||
]
|
||||
"roles/resourcemanager.tagAdmin" = [
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
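Review bot: `roles/resourcemanager.projectMover` is bound to the bootstrap service account unconditionally, even when every `project_parent_ids` value is left null and no project is ever moved. If this map is the organization-level IAM set, as the neighbouring entries suggest, the role is inherited by every folder and project below the organization, which is broader than relocating three bootstrap projects seems to need. Consider adding the entry only when at least one parent is set, or at minimum document it with `# needed to move bootstrap projects under the folders set in project_parent_ids`. The surrounding `locals` map starts and ends outside the hunk, so whether the binding is authoritative or additive cannot be confirmed from here.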
|
||||
|
|
|
@ -200,3 +200,18 @@ variable "prefix" {
|
|||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "project_parent_ids" {
|
||||
description = "Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent."
|
||||
type = object({
|
||||
automation = string
|
||||
billing = string
|
||||
logging = string
|
||||
})
|
||||
default = {
|
||||
automation = null
|
||||
billing = null
|
||||
logging = null
|
||||
}
|
||||
nullable = false
|
||||
}
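Review bot: `project_parent_ids` documents a `folders/nnnnnnn` format but does not enforce it, so a typo or an unintended parent string is only caught when the project module is applied. A `validation` block like the one `prefix` uses just above would reject bad values at plan time. Note also that `coalesce()` skips empty strings as well as nulls, so `""` would silently fall back to the organization; the pattern below rejects it, so the fallback stays limited to null as the description says.
```hcl
nullable = false
validation {
  condition = alltrue([
    for k, v in var.project_parent_ids :
    v == null || can(regex("^folders/[0-9]+$", v))
  ])
  error_message = "Project parent ids must be null or in folders/nnnnnnn format."
}
```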
|
||||
|
|