Fix

2022-02-14 23:54:53 +01:00 · 2022-02-14 23:54:53 +01:00 · 8906252528
parent 7252e7ec01
commit 8906252528
4 changed files with 33 additions and 24 deletions
--- a/fast/stages/01-resman/README.md
+++ b/fast/stages/01-resman/README.md
@ -158,6 +158,7 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
 | [main.tf](./main.tf) | Module-level locals and resources. |  |  |
 | [organization.tf](./organization.tf) | Organization policies. | <code>organization</code> |  |
 | [outputs.tf](./outputs.tf) | Module outputs. |  | <code>local_file</code> |
+| [providers.tf](./providers.tf) | Provider configurations. |  |  |
 | [variables.tf](./variables.tf) | Module variables. |  |  |

 ## Variables
@ -178,12 +179,13 @@ Due to its simplicity, this stage lends itself easily to customizations: adding

 | name | description | sensitive | consumers |
 |---|---|:---:|---|
-| [networking](outputs.tf#L107) | Data for the networking stage. |  | <code>02-networking</code> |
-| [project_factories](outputs.tf#L117) | Data for the project factories stage. |  | <code>xx-teams</code> |
-| [providers](outputs.tf#L134) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
-| [sandbox](outputs.tf#L141) | Data for the sandbox stage. |  | <code>xx-sandbox</code> |
-| [security](outputs.tf#L151) | Data for the networking stage. |  | <code>02-security</code> |
-| [teams](outputs.tf#L161) | Data for the teams stage. |  |  |
-| [tfvars](outputs.tf#L174) | Terraform variable files for the following stages. | ✓ |  |
+| [dataplatform](outputs.tf#L104) | Data for the Data Platform stage. |  | <code>02-networking</code> |
+| [networking](outputs.tf#L121) | Data for the networking stage. |  | <code>02-networking</code> |
+| [project_factories](outputs.tf#L131) | Data for the project factories stage. |  | <code>xx-teams</code> |
+| [providers](outputs.tf#L148) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
+| [sandbox](outputs.tf#L155) | Data for the sandbox stage. |  | <code>xx-sandbox</code> |
+| [security](outputs.tf#L165) | Data for the networking stage. |  | <code>02-security</code> |
+| [teams](outputs.tf#L175) | Data for the teams stage. |  |  |
+| [tfvars](outputs.tf#L188) | Terraform variable files for the following stages. | ✓ |  |

 <!-- END TFDOC -->
--- a/fast/stages/01-resman/branch-dataplatform.tf
+++ b/fast/stages/01-resman/branch-dataplatform.tf
@ -35,21 +35,11 @@ module "branch-dp-dev-folder" {
  group_iam = {}
  iam = {
    # remove owner here and at project level if SA does not manage project resources
-    "roles/owner" = [
-      module.branch-dp-dev-sa.iam_email
-    ]
-    "roles/logging.admin" = [
-      module.branch-dp-dev-sa.iam_email
-    ]
-    "roles/resourcemanager.folderAdmin" = [
-      module.branch-dp-dev-sa.iam_email
-    ]
-    "roles/resourcemanager.projectCreator" = [
-      module.branch-dp-dev-sa.iam_email
-    ]
-    "roles/compute.xpnAdmin" = [
-      module.branch-teams-dev-projectfactory-sa.iam_email
-    ]
+    "roles/logging.admin"                  = [module.branch-dp-dev-sa.iam_email]
+    "roles/owner"                          = [module.branch-dp-dev-sa.iam_email]
+    "roles/resourcemanager.folderAdmin"    = [module.branch-dp-dev-sa.iam_email]
+    "roles/resourcemanager.projectCreator" = [module.branch-dp-dev-sa.iam_email]
+    "roles/compute.xpnAdmin"               = [module.branch-dp-dev-sa.iam_email]
  }
 }

--- a/fast/stages/01-resman/organization.tf
+++ b/fast/stages/01-resman/organization.tf
@ -78,11 +78,11 @@ module "organization" {
          module.branch-network-sa.iam_email,
          module.branch-security-sa.iam_email,
        ],
+        local.branch_dataplatform_sa_iam_emails,
        # enable if individual teams can create their own projects
        # [
        #   for k, v in module.branch-teams-team-sa : v.iam_email
        # ],
-        local.branch_dataplatform_sa_iam_emails,
        local.branch_teams_pf_sa_iam_emails
      )
    } : {}
--- a/fast/stages/01-resman/outputs.tf
+++ b/fast/stages/01-resman/outputs.tf
@ -101,6 +101,23 @@ resource "local_file" "tfvars" {

 # outputs

+output "dataplatform" {
+  # tfdoc:output:consumers 03-dataplatform
+  description = "Data for the Data Platform stage."
+  value = {
+    dev = {
+      folder          = module.branch-dp-dev-folder.id
+      gcs_bucket      = module.branch-dp-dev-gcs.name
+      service_account = module.branch-dp-dev-sa.email
+    }
+    prod = {
+      folder          = module.branch-dp-prod-folder.id
+      gcs_bucket      = module.branch-dp-prod-gcs.name
+      service_account = module.branch-dp-prod-sa.email
+    }
+  }
+}
+
 output "networking" {
  # tfdoc:output:consumers 02-networking
  description = "Data for the networking stage."
@ -129,7 +146,7 @@ output "project_factories" {
 # ready to use provider configurations for subsequent stages

 output "providers" {
-  # tfdoc:output:consumers 02-networking 02-security xx-sandbox xx-teams
+  # tfdoc:output:consumers 02-networking 02-security 03-dataplatform xx-sandbox xx-teams
  description = "Terraform provider files for this stage and dependent stages."
  sensitive   = true
  value       = local.providers