Merge branch 'fast/var-contracts' of github.com:GoogleCloudPlatform/cloud-foundation-fabric into fast/var-contracts

fast/stages/01-resman/branch-teams.tf

@@ -77,7 +77,7 @@ module "branch-teams-team-dev-folder" {
   for_each = coalesce(var.team_folders, {})
   parent   = module.branch-teams-team-folder[each.key].id
   # naming: environment descriptive name
-  name = "${module.branch-teams-team-folder[each.key].name} - Development"
+  name = "Development"
   # environment-wide human permissions on the whole teams environment
   group_iam = {}
   iam = {
@@ -127,7 +127,7 @@ module "branch-teams-team-prod-folder" {
   for_each = coalesce(var.team_folders, {})
   parent   = module.branch-teams-team-folder[each.key].id
   # naming: environment descriptive name
-  name = "${module.branch-teams-team-folder[each.key].name} - Production"
+  name = "Production"
   # environment-wide human permissions on the whole teams environment
   group_iam = {}
   iam = {

fast/stages/03-project-factory/README.md

@@ -3,4 +3,4 @@
 The Project Factory (PF) builds on top of your foundations to create and set up projects (and related resources) to be used for your workloads.
 It is organized in folders representing environments (e.g. "dev", "prod"), each implemented by a stand-alone terraform [resource factory](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c).
 
-This directory contains a single project factory ([`prod/`](./prod/)) as an example - to implement multiple environments (e.g. "prod" and "dev") you'll need to copy the `prod` folder into one folder per environment, then customize each one following the instructions found in [`prod/README.md`](./prod/README.md).
+This directory contains a single project factory ([`dev/`](./dev/)) as an example - to implement multiple environments (e.g. "prod" and "dev") you'll need to copy the `dev` folder into one folder per environment, then customize each one following the instructions found in [`dev/README.md`](./dev/README.md).

fast/stages/03-project-factory/dev/README.md

@@ -49,7 +49,7 @@ It's of course possible to run this stage in isolation, by making sure the archi
     - `"roles/compute.viewer"`
     - `"roles/dns.admin"`
 - If networking is used (e.g., for VMs, GKE Clusters or AppEngine flex), VPC Host projects and their subnets should exist when creating projects
-- If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., prod.gcp.example.com.)
+- If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., dev.gcp.example.com.)
 
 ### Providers configuration
 
@@ -57,8 +57,8 @@ If you're running this on top of Fast, you should run the following commands to
 
 ```bash
 # Variable `outputs_location` is set to `../../../config` in stage 01-resman
-$ cd fabric-fast/stages/03-project-factory/prod
+$ cd fabric-fast/stages/03-project-factory/dev
-ln -s ../../../config/03-project-factory-prod/providers.tf
+ln -s ../../../config/03-project-factory-dev/providers.tf
 ```
 
 ### Variable configuration
@@ -74,16 +74,16 @@ If you configured a valid path for `outputs_location` in the bootstrap and netwo
 
 ```bash
 # Variable `outputs_location` is set to `../../../config` in stages 01-bootstrap and the 02-networking stage in use
-ln -s ../../../config/03-project-factory-prod/terraform-bootstrap.auto.tfvars.json
+ln -s ../../../config/03-project-factory-dev/terraform-bootstrap.auto.tfvars.json
-ln -s ../../../config/03-project-factory-prod/terraform-networking.auto.tfvars.json
+ln -s ../../../config/03-project-factory-dev/terraform-networking.auto.tfvars.json
 ```
 
 If you're not using Fast, refer to the [Variables](#variables) table at the bottom of this document for a full list of variables, their origin (e.g., a stage or specific to this one), and descriptions explaining their meaning.
 
 Besides the values above, a project factory takes 2 additional inputs:
 
-- `data/defaults.yaml`, manually configured by adapting the [`prod/data/defaults.yaml.sample`](./prod/data/defaults.yaml.sample), which defines per-environment default values e.g., for billing alerts and labels.
+- `data/defaults.yaml`, manually configured by adapting the [`data/defaults.yaml`](./data/defaults.yaml), which defines per-environment default values e.g., for billing alerts and labels.
-- `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`prod/data/projects/project.yaml.sample`](./prod/data/projects/project.yaml.sample) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-prod-lab0.yaml` will create project `fast-prod-lab0`.
+- `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`data/projects/project.yaml`](./data/projects/project.yaml) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-dev-lab0.yaml` will create project `fast-dev-lab0`.
 
 Once the configuration is complete, run the project factory by running
 

fast/stages/03-project-factory/dev/data/defaults.yaml

@@ -15,7 +15,7 @@ essential_contacts: ["team-contacts@example.com"]
 
 # [opt] Labels set for all projects
 labels:
-  environment: prod
+  environment: dev
   department: accounting
   application: example-app
   foo: bar

fast/stages/03-project-factory/dev/data/projects/project.yaml

@@ -44,7 +44,7 @@ kms_service_agents:
 
 # [opt] Labels for the project - merged with the ones defined in defaults
 labels:
-  environment: prod
+  environment: dev
 
 # [opt] Org policy overrides defined at project level
 org_policies:
@@ -56,7 +56,7 @@ org_policies:
       status: true
       suggested_value: null
       values:
-        - projects/fast-prod-iac-core-0
+        - projects/fast-dev-iac-core-0
 
 # [opt] Service account to create for the project and their roles on the project
 # in name => [roles] format
@@ -90,11 +90,11 @@ vpc:
     enable_security_admin: true
 
   # Host project the project will be service project of
-  host_project: fast-prod-net-spoke-0
+  host_project: fast-dev-net-spoke-0
 
   # [opt] Subnets in the host project where principals will be granted networkUser
   # in region/subnet-name => [principals]
   subnets_iam:
-    europe-west1/prod-default-ew1:
+    europe-west1/dev-default-ew1:
       - user:foobar@example.com
       - serviceAccount:service-account1

modules/folder/README.md

@@ -61,7 +61,7 @@ module "folder" {
     policy_name = null
     rules_file  = "data/rules.yaml"
   }
-  firewall_policy_attachments = {
+  firewall_policy_association = {
     factory-policy = module.folder.firewall_policy_id["factory"]
   }
 }

tests/fast/stages/s03_project_factory/fixture/main.tf

@@ -14,44 +14,15 @@
  * limitations under the License.
  */
 
-# tfdoc:file:description Project factory.
-
-
-locals {
-  _defaults = yamldecode(file(var.defaults_file))
-  _defaults_net = {
-    billing_account_id   = var.billing_account_id
-    environment_dns_zone = var.environment_dns_zone
-    shared_vpc_self_link = var.shared_vpc_self_link
-    vpc_host_project     = var.vpc_host_project
-  }
-  defaults = merge(local._defaults, local._defaults_net)
-  projects = {
-    for f in fileset("${var.data_dir}", "**/*.yaml") :
-    trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
-  }
-}
-
 module "projects" {
-  #TODO(sruffilli): Pin to release
+  source               = "../../../../../fast/stages/03-project-factory/dev"
-  source             = "../../../../../examples/factories/project-factory"
+  data_dir             = "./data/projects/"
-  for_each           = local.projects
+  defaults_file        = "./data/defaults.yaml"
-  defaults           = local.defaults
+  prefix               = "test"
-  project_id         = each.key
+  billing_account_id   = "12345-67890A-BCDEF0"
-  billing_account_id = try(each.value.billing_account_id, null)
+  environment_dns_zone = "dev"
-  billing_alert      = try(each.value.billing_alert, null)
+  shared_vpc_self_link = "fake_link"
-  dns_zones          = try(each.value.dns_zones, [])
+  vpc_host_project     = "host_project"
-  essential_contacts = try(each.value.essential_contacts, [])
-  folder_id          = each.value.folder_id
-  group_iam          = try(each.value.group_iam, {})
-  iam                = try(each.value.iam, {})
-  kms_service_agents = try(each.value.kms, {})
-  labels             = try(each.value.labels, {})
-  org_policies       = try(each.value.org_policies, null)
-  service_accounts   = try(each.value.service_accounts, {})
-  services           = try(each.value.services, [])
-  services_iam       = try(each.value.services_iam, {})
-  vpc                = try(each.value.vpc, null)
 }