From 894647ff9eced57a249180d252a9b88f8398710c Mon Sep 17 00:00:00 2001 From: Julio Castillo Date: Fri, 7 Oct 2022 08:55:47 +0200 Subject: [PATCH] Leverage new shared VPC project config defaults across the repo --- CONTRIBUTING.md | 10 ++++---- .../examples/shared-vpc-example/projects.tf | 3 +-- .../network-dashboard/tests/test.tf | 24 +++++++------------ .../cloudsql-multiregion/main.tf | 5 ++-- blueprints/data-solutions/composer-2/main.tf | 5 ++-- .../data-platform-foundations/02-load.tf | 5 ++-- .../03-orchestration.tf | 5 ++-- .../04-transformation.tf | 5 ++-- .../gcs-to-bq-with-least-privileges/main.tf | 5 ++-- .../data-solutions/sqlserver-alwayson/main.tf | 5 ++-- .../multi-cluster-mesh-gke-fleet-api/main.tf | 3 +-- .../networking/decentralized-firewall/main.tf | 6 ++--- blueprints/networking/filtering-proxy/main.tf | 3 +-- blueprints/networking/shared-vpc-gke/main.tf | 3 +-- fast/stages/02-networking-nva/landing.tf | 3 +-- fast/stages/02-networking-nva/spoke-dev.tf | 3 +-- fast/stages/02-networking-nva/spoke-prod.tf | 3 +-- fast/stages/02-networking-peering/landing.tf | 3 +-- .../stages/02-networking-peering/spoke-dev.tf | 3 +-- .../02-networking-peering/spoke-prod.tf | 3 +-- fast/stages/02-networking-vpn/landing.tf | 3 +-- fast/stages/02-networking-vpn/spoke-dev.tf | 3 +-- fast/stages/02-networking-vpn/spoke-prod.tf | 3 +-- modules/project/README.md | 3 +-- 24 files changed, 43 insertions(+), 74 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9495676f..733d6ba9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -141,9 +141,8 @@ module "project" { storage = [local.kms.europe.gcs] } shared_vpc_service_config = { - attach = true - host_project = "project-host" - service_identity_iam = {} + attach = true + host_project = "project-host" } } ``` 
@@ -258,9 +257,8 @@ module "project" { source = "./modules/project" name = "prj-1" shared_vpc_service_config = { - attach = true - host_project = "project-host" - service_identity_iam = {} + attach = true + host_project = "project-host" } } ``` diff --git a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/projects.tf b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/projects.tf index 66602cb1..4c247cde 100644 --- a/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/projects.tf +++ b/blueprints/cloud-operations/dns-shared-vpc/examples/shared-vpc-example/projects.tf @@ -37,8 +37,7 @@ module "project-host" { services = var.project_services shared_vpc_host_config = { - enabled = true - service_projects = [] # defined later + enabled = true } } diff --git a/blueprints/cloud-operations/network-dashboard/tests/test.tf b/blueprints/cloud-operations/network-dashboard/tests/test.tf index 791d68b0..2f04485b 100644 --- a/blueprints/cloud-operations/network-dashboard/tests/test.tf +++ b/blueprints/cloud-operations/network-dashboard/tests/test.tf @@ -30,8 +30,7 @@ module "project-hub" { services = var.project_vm_services shared_vpc_host_config = { - enabled = true - service_projects = [] # defined later + enabled = true } } @@ -58,9 +57,8 @@ module "project-svc-hub" { services = var.project_vm_services shared_vpc_service_config = { - attach = true - host_project = module.project-hub.project_id - service_identity_iam = {} + attach = true + host_project = module.project-hub.project_id } } @@ -73,8 +71,7 @@ module "project-prod" { services = var.project_vm_services shared_vpc_host_config = { - enabled = true - service_projects = [] # defined later + enabled = true } } 
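Review bot: Dropping `service_projects` from `shared_vpc_host_config` in `module "project-host"` (shared-vpc-example/projects.tf) only validates if the project module declares that attribute as `optional(...)` with a default, which needs Terraform 1.3 or later. Neither the module's variable definition nor any `required_version` constraint is part of this patch, so confirm that every blueprint and FAST stage touched here pins something like `required_version = ">= 1.3.0"`; otherwise users on an older CLI get a validation failure instead of a clear version error. The same applies to every other `shared_vpc_host_config` and `shared_vpc_service_config` hunk in this commit. The module block starts and ends outside the hunk.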
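Review bot: The removed `service_projects = [] # defined later` line in `module "project-hub"` (network-dashboard/tests/test.tf) carried the only hint that service projects are attached from their own side, through `shared_vpc_service_config` with `attach = true`, as `module "project-svc-hub"` does further down this file. A short comment on the block would keep that, for example `# service projects attach themselves via shared_vpc_service_config`. The same comment was dropped in shared-vpc-example/projects.tf, in the `project-prod` and `project-dev` hunks of this file, and in shared-vpc-gke/main.tf.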
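Review bot: With `service_identity_iam` no longer set in `module "project-svc-hub"` (network-dashboard/tests/test.tf), whatever that attribute grants now comes from the module default, which this patch does not show; from the name it presumably controls IAM roles for service identities on the host project. If that default is, or later becomes, anything other than an empty map, every call site that omits the attribute picks up host-project bindings that appear nowhere in the calling code. The unchanged `# tftest modules=1 resources=2` in modules/project/README.md only covers the host-side example, so confirm with a `terraform plan` that no IAM bindings change for the service-side callers. For gcs-to-bq-with-least-privileges/main.tf, consider keeping `service_identity_iam = {}` explicit so the least-privilege intent stays visible at the call site. The same removal appears in the `project-svc-prod` and `project-svc-dev` hunks and in cloudsql-multiregion, composer-2, data-platform-foundations (02-load, 03-orchestration, 04-transformation) and sqlserver-alwayson.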
@@ -101,9 +98,8 @@ module "project-svc-prod" { services = var.project_vm_services shared_vpc_service_config = { - attach = true - host_project = module.project-prod.project_id - service_identity_iam = {} + attach = true + host_project = module.project-prod.project_id } } @@ -116,8 +112,7 @@ module "project-dev" { services = var.project_vm_services shared_vpc_host_config = { - enabled = true - service_projects = [] # defined later + enabled = true } } @@ -144,9 +139,8 @@ module "project-svc-dev" { services = var.project_vm_services shared_vpc_service_config = { - attach = true - host_project = module.project-dev.project_id - service_identity_iam = {} + attach = true + host_project = module.project-dev.project_id } } diff --git a/blueprints/data-solutions/cloudsql-multiregion/main.tf b/blueprints/data-solutions/cloudsql-multiregion/main.tf index c3264877..14dedd84 100644 --- a/blueprints/data-solutions/cloudsql-multiregion/main.tf +++ b/blueprints/data-solutions/cloudsql-multiregion/main.tf @@ -94,9 +94,8 @@ module "project" { ] shared_vpc_service_config = local.shared_vpc_project == null ? null : { - attach = true - host_project = local.shared_vpc_project - service_identity_iam = {} + attach = true + host_project = local.shared_vpc_project } service_encryption_key_ids = { diff --git a/blueprints/data-solutions/composer-2/main.tf b/blueprints/data-solutions/composer-2/main.tf index c55113e0..23904096 100644 --- a/blueprints/data-solutions/composer-2/main.tf +++ b/blueprints/data-solutions/composer-2/main.tf @@ -97,9 +97,8 @@ module "project" { ] shared_vpc_service_config = local.shared_vpc_project == null ? null : { - attach = true - host_project = local.shared_vpc_project - service_identity_iam = {} + attach = true + host_project = local.shared_vpc_project } service_encryption_key_ids = { diff --git a/blueprints/data-solutions/data-platform-foundations/02-load.tf b/blueprints/data-solutions/data-platform-foundations/02-load.tf index 8fdbe215..93380411 100644 
--- a/blueprints/data-solutions/data-platform-foundations/02-load.tf +++ b/blueprints/data-solutions/data-platform-foundations/02-load.tf @@ -74,9 +74,8 @@ module "load-project" { storage = [try(local.service_encryption_keys.storage, null)] } shared_vpc_service_config = local.shared_vpc_project == null ? null : { - attach = true - host_project = local.shared_vpc_project - service_identity_iam = {} + attach = true + host_project = local.shared_vpc_project } } diff --git a/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf b/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf index 137d4e93..e624c197 100644 --- a/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf +++ b/blueprints/data-solutions/data-platform-foundations/03-orchestration.tf @@ -92,9 +92,8 @@ module "orch-project" { storage = [try(local.service_encryption_keys.storage, null)] } shared_vpc_service_config = local.shared_vpc_project == null ? null : { - attach = true - host_project = local.shared_vpc_project - service_identity_iam = {} + attach = true + host_project = local.shared_vpc_project } } diff --git a/blueprints/data-solutions/data-platform-foundations/04-transformation.tf b/blueprints/data-solutions/data-platform-foundations/04-transformation.tf index 6f2aacad..fa71e27a 100644 --- a/blueprints/data-solutions/data-platform-foundations/04-transformation.tf +++ b/blueprints/data-solutions/data-platform-foundations/04-transformation.tf @@ -72,9 +72,8 @@ module "transf-project" { storage = [try(local.service_encryption_keys.storage, null)] } shared_vpc_service_config = local.shared_vpc_project == null ? null : { - attach = true - host_project = local.shared_vpc_project - service_identity_iam = {} + attach = true + host_project = local.shared_vpc_project } } diff --git a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/main.tf b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/main.tf index a70b83ad..b4e0b834 100644 
--- a/blueprints/data-solutions/gcs-to-bq-with-least-privileges/main.tf +++ b/blueprints/data-solutions/gcs-to-bq-with-least-privileges/main.tf @@ -125,9 +125,8 @@ module "project" { iam = var.project_create != null ? local.iam : {} iam_additive = var.project_create == null ? local.iam : {} shared_vpc_service_config = local.shared_vpc_project == null ? null : { - attach = true - host_project = local.shared_vpc_project - service_identity_iam = {} + attach = true + host_project = local.shared_vpc_project } } diff --git a/blueprints/data-solutions/sqlserver-alwayson/main.tf b/blueprints/data-solutions/sqlserver-alwayson/main.tf index 88622ca9..3d391c5f 100644 --- a/blueprints/data-solutions/sqlserver-alwayson/main.tf +++ b/blueprints/data-solutions/sqlserver-alwayson/main.tf @@ -49,8 +49,7 @@ module "project" { iam = {} iam_additive = {} shared_vpc_service_config = var.shared_vpc_project_id == null ? null : { - attach = true - host_project = var.shared_vpc_project_id - service_identity_iam = {} + attach = true + host_project = var.shared_vpc_project_id } } diff --git a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/main.tf b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/main.tf index 034d7535..6e6a5c85 100644 --- a/blueprints/gke/multi-cluster-mesh-gke-fleet-api/main.tf +++ b/blueprints/gke/multi-cluster-mesh-gke-fleet-api/main.tf @@ -24,8 +24,7 @@ module "host_project" { parent = var.parent name = var.host_project_id shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } services = [ "container.googleapis.com" diff --git a/blueprints/networking/decentralized-firewall/main.tf b/blueprints/networking/decentralized-firewall/main.tf index fbc5d973..57c87e99 100644 --- a/blueprints/networking/decentralized-firewall/main.tf +++ b/blueprints/networking/decentralized-firewall/main.tf 
@@ -25,8 +25,7 @@ module "project-host-prod" { services = var.project_services shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } } @@ -39,8 +38,7 @@ module "project-host-dev" { services = var.project_services shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } } diff --git a/blueprints/networking/filtering-proxy/main.tf b/blueprints/networking/filtering-proxy/main.tf index 440a4b59..9fc1c36a 100644 --- a/blueprints/networking/filtering-proxy/main.tf +++ b/blueprints/networking/filtering-proxy/main.tf @@ -48,8 +48,7 @@ module "project-host" { "logging.googleapis.com" ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } } diff --git a/blueprints/networking/shared-vpc-gke/main.tf b/blueprints/networking/shared-vpc-gke/main.tf index 9ee388ba..e4eb1a49 100644 --- a/blueprints/networking/shared-vpc-gke/main.tf +++ b/blueprints/networking/shared-vpc-gke/main.tf @@ -27,8 +27,7 @@ module "project-host" { name = "net" services = concat(var.project_services, ["dns.googleapis.com"]) shared_vpc_host_config = { - enabled = true - service_projects = [] # defined later + enabled = true } iam = { "roles/owner" = var.owners_host diff --git a/fast/stages/02-networking-nva/landing.tf b/fast/stages/02-networking-nva/landing.tf index 2738bdc0..7022b10f 100644 --- a/fast/stages/02-networking-nva/landing.tf +++ b/fast/stages/02-networking-nva/landing.tf @@ -30,8 +30,7 @@ module "landing-project" { "stackdriver.googleapis.com" ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } iam = { "roles/dns.admin" = compact([ diff --git a/fast/stages/02-networking-nva/spoke-dev.tf b/fast/stages/02-networking-nva/spoke-dev.tf index c7765d51..ba11cd8e 100644 --- a/fast/stages/02-networking-nva/spoke-dev.tf +++ b/fast/stages/02-networking-nva/spoke-dev.tf 
@@ -31,8 +31,7 @@ module "dev-spoke-project" { "stackdriver.googleapis.com", ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } metric_scopes = [module.landing-project.project_id] iam = { diff --git a/fast/stages/02-networking-nva/spoke-prod.tf b/fast/stages/02-networking-nva/spoke-prod.tf index b3fe6acd..7150195e 100644 --- a/fast/stages/02-networking-nva/spoke-prod.tf +++ b/fast/stages/02-networking-nva/spoke-prod.tf @@ -31,8 +31,7 @@ module "prod-spoke-project" { "stackdriver.googleapis.com", ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } metric_scopes = [module.landing-project.project_id] iam = { diff --git a/fast/stages/02-networking-peering/landing.tf b/fast/stages/02-networking-peering/landing.tf index 77417d47..b090219b 100644 --- a/fast/stages/02-networking-peering/landing.tf +++ b/fast/stages/02-networking-peering/landing.tf @@ -30,8 +30,7 @@ module "landing-project" { "stackdriver.googleapis.com" ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } iam = { "roles/dns.admin" = compact([ diff --git a/fast/stages/02-networking-peering/spoke-dev.tf b/fast/stages/02-networking-peering/spoke-dev.tf index 586ccf5d..e9ad6fbf 100644 --- a/fast/stages/02-networking-peering/spoke-dev.tf +++ b/fast/stages/02-networking-peering/spoke-dev.tf @@ -32,8 +32,7 @@ module "dev-spoke-project" { "stackdriver.googleapis.com", ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } metric_scopes = [module.landing-project.project_id] iam = { diff --git a/fast/stages/02-networking-peering/spoke-prod.tf b/fast/stages/02-networking-peering/spoke-prod.tf index 12385d3e..77a0e087 100644 --- a/fast/stages/02-networking-peering/spoke-prod.tf +++ b/fast/stages/02-networking-peering/spoke-prod.tf 
@@ -32,8 +32,7 @@ module "prod-spoke-project" { "stackdriver.googleapis.com", ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } metric_scopes = [module.landing-project.project_id] iam = { diff --git a/fast/stages/02-networking-vpn/landing.tf b/fast/stages/02-networking-vpn/landing.tf index 77417d47..b090219b 100644 --- a/fast/stages/02-networking-vpn/landing.tf +++ b/fast/stages/02-networking-vpn/landing.tf @@ -30,8 +30,7 @@ module "landing-project" { "stackdriver.googleapis.com" ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } iam = { "roles/dns.admin" = compact([ diff --git a/fast/stages/02-networking-vpn/spoke-dev.tf b/fast/stages/02-networking-vpn/spoke-dev.tf index 586ccf5d..e9ad6fbf 100644 --- a/fast/stages/02-networking-vpn/spoke-dev.tf +++ b/fast/stages/02-networking-vpn/spoke-dev.tf @@ -32,8 +32,7 @@ module "dev-spoke-project" { "stackdriver.googleapis.com", ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } metric_scopes = [module.landing-project.project_id] iam = { diff --git a/fast/stages/02-networking-vpn/spoke-prod.tf b/fast/stages/02-networking-vpn/spoke-prod.tf index 12385d3e..77a0e087 100644 --- a/fast/stages/02-networking-vpn/spoke-prod.tf +++ b/fast/stages/02-networking-vpn/spoke-prod.tf @@ -32,8 +32,7 @@ module "prod-spoke-project" { "stackdriver.googleapis.com", ] shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } metric_scopes = [module.landing-project.project_id] iam = { diff --git a/modules/project/README.md b/modules/project/README.md index 21564da5..9df30d18 100644 --- a/modules/project/README.md +++ b/modules/project/README.md @@ -123,8 +123,7 @@ module "project" { source = "./fabric/modules/project" name = "project-example" shared_vpc_host_config = { - enabled = true - service_projects = [] + enabled = true } } # tftest modules=1 resources=2