Merge branch 'master' into lcaggio/cloudsql-shared
This commit is contained in:
lcaggio
commit
b712628151
|
|
@ -1,51 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
name: Post-merge tasks
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
types:
|
||||
- closed
|
||||
|
||||
env:
|
||||
PYTHON_VERSION: "3.10"
|
||||
|
||||
jobs:
|
||||
if_merged:
|
||||
if: github.event.pull_request.merged == true
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: ${{ env.PYTHON_VERSION }}
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
pip install -r tools/requirements.txt
|
||||
- name: Update Changelog
|
||||
run: |
|
||||
python3 tools/changelog.py --token secrets.GITHUB_TOKEN CHANGELOG.md
|
||||
- name: Commit and push Changelog
|
||||
env:
|
||||
CI_COMMIT_MESSAGE: Update Changelog
|
||||
CI_COMMIT_AUTHOR: Fabric Repo Workflows
|
||||
run: |
|
||||
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
|
||||
git config --global user.email "username@users.noreply.github.com"
|
||||
git commit -a -m "${{ env.CI_COMMIT_MESSAGE }}"
|
||||
git push
|
||||
|
|
@ -9,6 +9,8 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### FAST
|
||||
|
||||
- [[#800](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/800)] FAST: add support for storage locations in stages 0 and 1 ([ludoo](https://github.com/ludoo)) <!-- 2022-09-08 13:24:43+00:00 -->
|
||||
- [[#799](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/799)] FAST: add support for project parents to bootstrap stage ([ludoo](https://github.com/ludoo)) <!-- 2022-09-08 13:11:47+00:00 -->
|
||||
- [[#793](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/793)] FAST: fix typo in CI/CD stage outputs. ([fawzihmouda](https://github.com/fawzihmouda)) <!-- 2022-09-04 11:50:36+00:00 -->
|
||||
- [[#774](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/774)] FAST: fix data-platform-dev folder in stage 03-data-platform ([sttomm](https://github.com/sttomm)) <!-- 2022-08-16 07:36:24+00:00 -->
|
||||
- [[#770](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/770)] FAST: fix to move without `output_location` ([daisuky-jp](https://github.com/daisuky-jp)) <!-- 2022-08-07 07:00:27+00:00 -->
|
||||
|
|
@ -99,6 +101,8 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### TOOLS
|
||||
|
||||
- [[#796](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/796)] Remove duplicate path component from doc_examples test names. ([juliocc](https://github.com/juliocc)) <!-- 2022-09-07 09:37:19+00:00 -->
|
||||
- [[#794](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/794)] Test documentation examples in the `examples/` folder ([juliocc](https://github.com/juliocc)) <!-- 2022-09-06 19:38:26+00:00 -->
|
||||
- [[#788](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/788)] fix yaml quotes for merge-pr workflow ([drebes](https://github.com/drebes)) <!-- 2022-08-31 13:47:33+00:00 -->
|
||||
- [[#763](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/763)] Changelog generator ([ludoo](https://github.com/ludoo)) <!-- 2022-08-02 09:45:06+00:00 -->
|
||||
- [[#762](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/762)] Update changelog on pull request merge ([ludoo](https://github.com/ludoo)) <!-- 2022-07-30 17:04:00+00:00 -->
|
||||
|
|
|
|||
|
|
@ -461,8 +461,8 @@ The remaining configuration is manual, as it regards the repositories themselves
|
|||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [billing_account](variables.tf#L17) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | |
|
||||
| [organization](variables.tf#L179) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L194) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | |
|
||||
| [organization](variables.tf#L196) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L211) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | |
|
||||
| [bootstrap_user](variables.tf#L25) | Email of the nominal user running this stage for the first time. | <code>string</code> | | <code>null</code> | |
|
||||
| [cicd_repositories](variables.tf#L31) | CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ bootstrap = object({ branch = string identity_provider = string name = string type = string }) cicd = object({ branch = string identity_provider = string name = string type = string }) resman = object({ branch = string identity_provider = string name = string type = string }) })">object({…})</code> | | <code>null</code> | |
|
||||
| [custom_role_names](variables.tf#L83) | Names of custom roles defined at the org level. | <code title="object({ organization_iam_admin = string service_project_network_admin = string })">object({…})</code> | | <code title="{ organization_iam_admin = "organizationIamAdmin" service_project_network_admin = "serviceProjectNetworkAdmin" }">{…}</code> | |
|
||||
|
|
@ -471,22 +471,24 @@ The remaining configuration is manual, as it regards the repositories themselves
|
|||
| [groups](variables.tf#L126) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | |
|
||||
| [iam](variables.tf#L140) | Organization-level custom IAM settings in role => [principal] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_additive](variables.tf#L146) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [log_sinks](variables.tf#L154) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" type = "bigquery" } vpc-sc = { filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" type = "bigquery" } }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L188) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [locations](variables.tf#L152) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object({ bq = string gcs = string logging = string pubsub = list(string) })">object({…})</code> | | <code title="{ bq = "EU" gcs = "EU" logging = "global" pubsub = [] }">{…}</code> | |
|
||||
| [log_sinks](variables.tf#L171) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" type = "bigquery" } vpc-sc = { filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" type = "bigquery" } }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L205) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [project_parent_ids](variables.tf#L221) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | <code title="object({ automation = string billing = string logging = string })">object({…})</code> | | <code title="{ automation = null billing = null logging = null }">{…}</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [automation](outputs.tf#L88) | Automation resources. | | |
|
||||
| [billing_dataset](outputs.tf#L93) | BigQuery dataset prepared for billing export. | | |
|
||||
| [cicd_repositories](outputs.tf#L98) | CI/CD repository configurations. | | |
|
||||
| [custom_roles](outputs.tf#L110) | Organization-level custom roles. | | |
|
||||
| [federated_identity](outputs.tf#L115) | Workload Identity Federation pool and providers. | | |
|
||||
| [outputs_bucket](outputs.tf#L125) | GCS bucket where generated output files are stored. | | |
|
||||
| [project_ids](outputs.tf#L130) | Projects created by this stage. | | |
|
||||
| [providers](outputs.tf#L150) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> |
|
||||
| [service_accounts](outputs.tf#L139) | Automation service accounts created by this stage. | | |
|
||||
| [tfvars](outputs.tf#L159) | Terraform variable files for the following stages. | ✓ | |
|
||||
| [automation](outputs.tf#L89) | Automation resources. | | |
|
||||
| [billing_dataset](outputs.tf#L94) | BigQuery dataset prepared for billing export. | | |
|
||||
| [cicd_repositories](outputs.tf#L99) | CI/CD repository configurations. | | |
|
||||
| [custom_roles](outputs.tf#L111) | Organization-level custom roles. | | |
|
||||
| [federated_identity](outputs.tf#L116) | Workload Identity Federation pool and providers. | | |
|
||||
| [outputs_bucket](outputs.tf#L126) | GCS bucket where generated output files are stored. | | |
|
||||
| [project_ids](outputs.tf#L131) | Projects created by this stage. | | |
|
||||
| [providers](outputs.tf#L151) | Terraform provider files for this stage and dependent stages. | ✓ | <code>stage-01</code> |
|
||||
| [service_accounts](outputs.tf#L140) | Automation service accounts created by this stage. | | |
|
||||
| [tfvars](outputs.tf#L160) | Terraform variable files for the following stages. | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
|||
|
|
@ -20,8 +20,10 @@ module "automation-project" {
|
|||
source = "../../../modules/project"
|
||||
billing_account = var.billing_account.id
|
||||
name = "iac-core-0"
|
||||
parent = "organizations/${var.organization.id}"
|
||||
prefix = local.prefix
|
||||
parent = coalesce(
|
||||
var.project_parent_ids.automation, "organizations/${var.organization.id}"
|
||||
)
|
||||
prefix = local.prefix
|
||||
# human (groups) IAM bindings
|
||||
group_iam = {
|
||||
(local.groups.gcp-devops) = [
|
||||
|
|
@ -83,23 +85,27 @@ module "automation-project" {
|
|||
# output files bucket
|
||||
|
||||
module "automation-tf-output-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-outputs-0"
|
||||
prefix = local.prefix
|
||||
versioning = true
|
||||
depends_on = [module.organization]
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-outputs-0"
|
||||
prefix = local.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
depends_on = [module.organization]
|
||||
}
|
||||
|
||||
# this stage's bucket and service account
|
||||
|
||||
module "automation-tf-bootstrap-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-bootstrap-0"
|
||||
prefix = local.prefix
|
||||
versioning = true
|
||||
depends_on = [module.organization]
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-bootstrap-0"
|
||||
prefix = local.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
depends_on = [module.organization]
|
||||
}
|
||||
|
||||
module "automation-tf-bootstrap-sa" {
|
||||
|
|
@ -122,11 +128,13 @@ module "automation-tf-bootstrap-sa" {
|
|||
# cicd stage's bucket and service account
|
||||
|
||||
module "automation-tf-cicd-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-cicd-0"
|
||||
prefix = local.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-cicd-0"
|
||||
prefix = local.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.automation-tf-cicd-provisioning-sa.iam_email]
|
||||
}
|
||||
|
|
@ -153,11 +161,13 @@ module "automation-tf-cicd-provisioning-sa" {
|
|||
# resource hierarchy stage's bucket and service account
|
||||
|
||||
module "automation-tf-resman-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-resman-0"
|
||||
prefix = local.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
project_id = module.automation-project.project_id
|
||||
name = "iac-core-resman-0"
|
||||
prefix = local.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.automation-tf-resman-sa.iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,8 +33,10 @@ module "billing-export-project" {
|
|||
count = local.billing_org ? 1 : 0
|
||||
billing_account = var.billing_account.id
|
||||
name = "billing-exp-0"
|
||||
parent = "organizations/${var.organization.id}"
|
||||
prefix = local.prefix
|
||||
parent = coalesce(
|
||||
var.project_parent_ids.billing, "organizations/${var.organization.id}"
|
||||
)
|
||||
prefix = local.prefix
|
||||
iam = {
|
||||
"roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
|
||||
}
|
||||
|
|
@ -54,6 +56,7 @@ module "billing-export-dataset" {
|
|||
project_id = module.billing-export-project.0.project_id
|
||||
id = "billing_export"
|
||||
friendly_name = "Billing export."
|
||||
location = var.locations.bq
|
||||
}
|
||||
|
||||
# billing account in a different org
|
||||
|
|
|
|||
|
|
@ -21,9 +21,11 @@ locals {
|
|||
}
|
||||
|
||||
module "log-export-project" {
|
||||
source = "../../../modules/project"
|
||||
name = "audit-logs-0"
|
||||
parent = "organizations/${var.organization.id}"
|
||||
source = "../../../modules/project"
|
||||
name = "audit-logs-0"
|
||||
parent = coalesce(
|
||||
var.project_parent_ids.logging, "organizations/${var.organization.id}"
|
||||
)
|
||||
prefix = local.prefix
|
||||
billing_account = var.billing_account.id
|
||||
iam = {
|
||||
|
|
@ -47,14 +49,17 @@ module "log-export-dataset" {
|
|||
project_id = module.log-export-project.project_id
|
||||
id = "audit_export"
|
||||
friendly_name = "Audit logs export."
|
||||
location = var.locations.bq
|
||||
}
|
||||
|
||||
module "log-export-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
count = contains(local.log_types, "storage") ? 1 : 0
|
||||
project_id = module.log-export-project.project_id
|
||||
name = "audit-logs-0"
|
||||
prefix = local.prefix
|
||||
source = "../../../modules/gcs"
|
||||
count = contains(local.log_types, "storage") ? 1 : 0
|
||||
project_id = module.log-export-project.project_id
|
||||
name = "audit-logs-0"
|
||||
prefix = local.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
}
|
||||
|
||||
module "log-export-logbucket" {
|
||||
|
|
@ -63,6 +68,7 @@ module "log-export-logbucket" {
|
|||
parent_type = "project"
|
||||
parent = module.log-export-project.project_id
|
||||
id = "audit-logs-${each.key}"
|
||||
location = var.locations.logging
|
||||
}
|
||||
|
||||
module "log-export-pubsub" {
|
||||
|
|
@ -70,4 +76,5 @@ module "log-export-pubsub" {
|
|||
for_each = toset([for k, v in var.log_sinks : k if v.type == "pubsub"])
|
||||
project_id = module.log-export-project.project_id
|
||||
name = "audit-logs-${each.key}"
|
||||
regions = var.locations.pubsub
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,11 @@
|
|||
*/
|
||||
|
||||
locals {
|
||||
gcs_storage_class = (
|
||||
length(split("-", var.locations.gcs)) > 1
|
||||
? "MULTI-REGIONAL"
|
||||
: "REGIONAL"
|
||||
)
|
||||
groups = {
|
||||
for k, v in var.groups :
|
||||
k => "${v}@${var.organization.domain}"
|
||||
|
|
|
|||
|
|
@ -41,6 +41,9 @@ locals {
|
|||
[module.automation-tf-bootstrap-sa.iam_email],
|
||||
local._iam_bootstrap_user
|
||||
)
|
||||
"roles/resourcemanager.projectMover" = [
|
||||
module.automation-tf-bootstrap-sa.iam_email
|
||||
]
|
||||
"roles/resourcemanager.tagAdmin" = [
|
||||
module.automation-tf-resman-sa.iam_email
|
||||
]
|
||||
|
|
|
|||
|
|
@ -70,6 +70,7 @@ locals {
|
|||
billing_account = var.billing_account
|
||||
fast_features = var.fast_features
|
||||
groups = var.groups
|
||||
locations = var.locations
|
||||
organization = var.organization
|
||||
prefix = var.prefix
|
||||
}
|
||||
|
|
|
|||
|
|
@ -149,6 +149,23 @@ variable "iam_additive" {
|
|||
default = {}
|
||||
}
|
||||
|
||||
variable "locations" {
|
||||
description = "Optional locations for GCS, BigQuery, and logging buckets created here."
|
||||
type = object({
|
||||
bq = string
|
||||
gcs = string
|
||||
logging = string
|
||||
pubsub = list(string)
|
||||
})
|
||||
default = {
|
||||
bq = "EU"
|
||||
gcs = "EU"
|
||||
logging = "global"
|
||||
pubsub = []
|
||||
}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
# See https://cloud.google.com/architecture/exporting-stackdriver-logging-for-security-and-access-analytics
|
||||
# for additional logging filter examples
|
||||
variable "log_sinks" {
|
||||
|
|
@ -200,3 +217,18 @@ variable "prefix" {
|
|||
error_message = "Use a maximum of 9 characters for prefix."
|
||||
}
|
||||
}
|
||||
|
||||
variable "project_parent_ids" {
|
||||
description = "Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent."
|
||||
type = object({
|
||||
automation = string
|
||||
billing = string
|
||||
logging = string
|
||||
})
|
||||
default = {
|
||||
automation = null
|
||||
billing = null
|
||||
logging = null
|
||||
}
|
||||
nullable = false
|
||||
}
|
||||
|
|
|
|||
|
|
@ -180,16 +180,17 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
|
|||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L20) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string project_id = string project_number = string federated_identity_pool = string federated_identity_providers = map(object({ issuer = string issuer_uri = string name = string principal_tpl = string principalset_tpl = string })) })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L38) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [organization](variables.tf#L159) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L183) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [organization](variables.tf#L177) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L201) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [cicd_repositories](variables.tf#L47) | CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ data_platform_dev = object({ branch = string identity_provider = string name = string type = string }) data_platform_prod = object({ branch = string identity_provider = string name = string type = string }) networking = object({ branch = string identity_provider = string name = string type = string }) project_factory_dev = object({ branch = string identity_provider = string name = string type = string }) project_factory_prod = object({ branch = string identity_provider = string name = string type = string }) security = object({ branch = string identity_provider = string name = string type = string }) })">object({…})</code> | | <code>null</code> | |
|
||||
| [custom_roles](variables.tf#L117) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>00-bootstrap</code> |
|
||||
| [fast_features](variables.tf#L126) | Selective control for top-level FAST features. | <code title="object({ data_platform = bool project_factory = bool sandbox = bool teams = bool })">object({…})</code> | | <code title="{ data_platform = true project_factory = true sandbox = true teams = true }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [groups](variables.tf#L144) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [organization_policy_configs](variables.tf#L169) | Organization policies customization. | <code title="object({ allowed_policy_member_domains = list(string) })">object({…})</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L177) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [tag_names](variables.tf#L194) | Customized names for resource management tags. | <code title="object({ context = string environment = string })">object({…})</code> | | <code title="{ context = "context" environment = "environment" }">{…}</code> | |
|
||||
| [team_folders](variables.tf#L211) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
| [locations](variables.tf#L159) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object({ bq = string gcs = string logging = string pubsub = list(string) })">object({…})</code> | | <code title="{ bq = "EU" gcs = "EU" logging = "global" pubsub = [] }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [organization_policy_configs](variables.tf#L187) | Organization policies customization. | <code title="object({ allowed_policy_member_domains = list(string) })">object({…})</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L195) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [tag_names](variables.tf#L212) | Customized names for resource management tags. | <code title="object({ context = string environment = string })">object({…})</code> | | <code title="{ context = "context" environment = "environment" }">{…}</code> | |
|
||||
| [team_folders](variables.tf#L229) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
|||
|
|
@ -139,12 +139,14 @@ moved {
|
|||
}
|
||||
|
||||
module "branch-dp-dev-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-dp-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-dp-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-dp-dev-sa.0.iam_email]
|
||||
}
|
||||
|
|
@ -156,12 +158,14 @@ moved {
|
|||
}
|
||||
|
||||
module "branch-dp-prod-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-dp-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.data_platform ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-dp-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-dp-prod-sa.0.iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -98,11 +98,13 @@ module "branch-network-sa" {
|
|||
}
|
||||
|
||||
module "branch-network-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-net-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-net-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-network-sa.iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -68,12 +68,14 @@ moved {
|
|||
}
|
||||
|
||||
module "branch-pf-dev-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.project_factory ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-pf-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.project_factory ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-pf-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-pf-dev-sa.0.iam_email]
|
||||
}
|
||||
|
|
@ -85,12 +87,14 @@ moved {
|
|||
}
|
||||
|
||||
module "branch-pf-prod-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.project_factory ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-pf-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.project_factory ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-pf-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-pf-prod-sa.0.iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,12 +56,14 @@ moved {
|
|||
}
|
||||
|
||||
module "branch-sandbox-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.sandbox ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-sbox-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.sandbox ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-sbox-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-sandbox-sa.0.iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -65,11 +65,13 @@ module "branch-security-sa" {
|
|||
}
|
||||
|
||||
module "branch-security-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-sec-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-sec-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-security-sa.iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -57,12 +57,14 @@ module "branch-teams-sa" {
|
|||
}
|
||||
|
||||
module "branch-teams-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.teams ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-teams-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
count = var.fast_features.teams ? 1 : 0
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-teams-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-teams-sa.0.iam_email]
|
||||
}
|
||||
|
|
@ -102,12 +104,14 @@ module "branch-teams-team-sa" {
|
|||
}
|
||||
|
||||
module "branch-teams-team-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {}
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-teams-${each.key}-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
source = "../../../modules/gcs"
|
||||
for_each = var.fast_features.teams ? coalesce(var.team_folders, {}) : {}
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-teams-${each.key}-0"
|
||||
prefix = var.prefix
|
||||
location = var.locations.gcs
|
||||
storage_class = local.gcs_storage_class
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-teams-team-sa[each.key].iam_email]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,6 +64,11 @@ locals {
|
|||
]
|
||||
}
|
||||
custom_roles = coalesce(var.custom_roles, {})
|
||||
gcs_storage_class = (
|
||||
length(split("-", var.locations.gcs)) > 1
|
||||
? "MULTI-REGIONAL"
|
||||
: "REGIONAL"
|
||||
)
|
||||
groups = {
|
||||
for k, v in var.groups :
|
||||
k => "${v}@${var.organization.domain}"
|
||||
|
|
|
|||
|
|
@ -156,6 +156,24 @@ variable "groups" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "locations" {
|
||||
# tfdoc:variable:source 00-bootstrap
|
||||
description = "Optional locations for GCS, BigQuery, and logging buckets created here."
|
||||
type = object({
|
||||
bq = string
|
||||
gcs = string
|
||||
logging = string
|
||||
pubsub = list(string)
|
||||
})
|
||||
default = {
|
||||
bq = "EU"
|
||||
gcs = "EU"
|
||||
logging = "global"
|
||||
pubsub = []
|
||||
}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 00-bootstrap
|
||||
description = "Organization details."
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ def pytest_generate_tests(metafunc):
|
|||
continue
|
||||
examples.append(code)
|
||||
path = module.relative_to(FABRIC_ROOT)
|
||||
name = f'{path}/{module.stem}:{last_header}'
|
||||
name = f'{path}:{last_header}'
|
||||
if index > 1:
|
||||
name += f' {index}'
|
||||
ids.append(name)
|
||||
|
|
|
|||
Loading…
Reference in New Issue