Merge pull request #22 from terraform-google-modules/ludo-project-dependency-fixed
Update module versions, fix project service dependency
This commit is contained in:
Aleksandr Averbukh
GitHub
commit
b798309bfe
|
|
@ -39,7 +39,7 @@ module "shared-folder" {
|
|||
|
||||
module "project-tf" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = module.shared-folder.id
|
||||
billing_account = var.billing_account_id
|
||||
prefix = var.prefix
|
||||
|
|
@ -53,7 +53,7 @@ module "project-tf" {
|
|||
|
||||
module "service-accounts-tf-environments" {
|
||||
source = "terraform-google-modules/service-accounts/google"
|
||||
version = "2.0.0"
|
||||
version = "2.0.1"
|
||||
project_id = module.project-tf.project_id
|
||||
org_id = var.organization_id
|
||||
billing_account_id = var.billing_account_id
|
||||
|
|
@ -97,8 +97,7 @@ module "gcs-tf-environments" {
|
|||
# Business unit 1
|
||||
|
||||
module "business-unit-1-folders" {
|
||||
source = "./modules/business-unit-folders"
|
||||
|
||||
source = "./modules/business-unit-folders"
|
||||
business_unit_folder_name = var.business_unit_1_name
|
||||
environments = var.environments
|
||||
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
||||
|
|
@ -109,8 +108,7 @@ module "business-unit-1-folders" {
|
|||
# Business unit 2
|
||||
|
||||
module "business-unit-2-folders" {
|
||||
source = "./modules/business-unit-folders"
|
||||
|
||||
source = "./modules/business-unit-folders"
|
||||
business_unit_folder_name = var.business_unit_2_name
|
||||
environments = var.environments
|
||||
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
||||
|
|
@ -121,8 +119,7 @@ module "business-unit-2-folders" {
|
|||
# Business unit 3
|
||||
|
||||
module "business-unit-3-folders" {
|
||||
source = "./modules/business-unit-folders"
|
||||
|
||||
source = "./modules/business-unit-folders"
|
||||
business_unit_folder_name = var.business_unit_3_name
|
||||
environments = var.environments
|
||||
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
||||
|
|
@ -138,21 +135,23 @@ module "business-unit-3-folders" {
|
|||
|
||||
module "project-audit" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = module.shared-folder.id
|
||||
billing_account = var.billing_account_id
|
||||
prefix = var.prefix
|
||||
name = "audit"
|
||||
lien_reason = "audit"
|
||||
activate_apis = var.project_services
|
||||
viewers = var.audit_viewers
|
||||
activate_apis = concat(var.project_services, [
|
||||
"bigquery.googleapis.com",
|
||||
])
|
||||
}
|
||||
|
||||
# Audit logs destination on BigQuery
|
||||
|
||||
module "bq-audit-export" {
|
||||
source = "terraform-google-modules/log-export/google//modules/bigquery"
|
||||
version = "3.0.0"
|
||||
version = "3.1.0"
|
||||
project_id = module.project-audit.project_id
|
||||
dataset_name = "${replace(local.log_sink_name, "-", "_")}"
|
||||
log_sink_writer_identity = module.log-sink-audit.writer_identity
|
||||
|
|
@ -162,7 +161,7 @@ module "bq-audit-export" {
|
|||
|
||||
module "log-sink-audit" {
|
||||
source = "terraform-google-modules/log-export/google"
|
||||
version = "3.0.0"
|
||||
version = "3.1.0"
|
||||
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
|
||||
log_sink_name = local.log_sink_name
|
||||
parent_resource_type = local.log_sink_parent_resource_type
|
||||
|
|
@ -180,7 +179,7 @@ module "log-sink-audit" {
|
|||
|
||||
module "project-shared-resources" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = module.shared-folder.id
|
||||
billing_account = var.billing_account_id
|
||||
prefix = var.prefix
|
||||
|
|
|
|||
|
|
@ -86,23 +86,7 @@ variable "terraform_owners" {
|
|||
variable "project_services" {
|
||||
description = "Service APIs enabled by default in new projects."
|
||||
default = [
|
||||
"bigquery-json.googleapis.com",
|
||||
"bigquerystorage.googleapis.com",
|
||||
"cloudbilling.googleapis.com",
|
||||
"cloudresourcemanager.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
"container.googleapis.com",
|
||||
"containerregistry.googleapis.com",
|
||||
"deploymentmanager.googleapis.com",
|
||||
"iam.googleapis.com",
|
||||
"iamcredentials.googleapis.com",
|
||||
"logging.googleapis.com",
|
||||
"oslogin.googleapis.com",
|
||||
"pubsub.googleapis.com",
|
||||
"replicapool.googleapis.com",
|
||||
"replicapoolupdater.googleapis.com",
|
||||
"resourceviews.googleapis.com",
|
||||
"serviceusage.googleapis.com",
|
||||
"storage-api.googleapis.com",
|
||||
"stackdriver.googleapis.com",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
module "project-tf" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = var.root_node
|
||||
billing_account = var.billing_account_id
|
||||
prefix = var.prefix
|
||||
|
|
@ -34,7 +34,7 @@ module "project-tf" {
|
|||
|
||||
module "service-accounts-tf-environments" {
|
||||
source = "terraform-google-modules/service-accounts/google"
|
||||
version = "2.0.0"
|
||||
version = "2.0.1"
|
||||
project_id = module.project-tf.project_id
|
||||
org_id = var.organization_id
|
||||
billing_account_id = var.billing_account_id
|
||||
|
|
@ -102,21 +102,23 @@ module "folders-top-level" {
|
|||
|
||||
module "project-audit" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = var.root_node
|
||||
billing_account = var.billing_account_id
|
||||
prefix = var.prefix
|
||||
name = "audit"
|
||||
lien_reason = "audit"
|
||||
activate_apis = var.project_services
|
||||
viewers = var.audit_viewers
|
||||
activate_apis = concat(var.project_services, [
|
||||
"bigquery.googleapis.com",
|
||||
])
|
||||
viewers = var.audit_viewers
|
||||
}
|
||||
|
||||
# audit logs destination on BigQuery
|
||||
|
||||
module "bq-audit-export" {
|
||||
source = "terraform-google-modules/log-export/google//modules/bigquery"
|
||||
version = "3.0.0"
|
||||
version = "3.1.0"
|
||||
project_id = module.project-audit.project_id
|
||||
dataset_name = "logs_audit_${replace(var.environments[0], "-", "_")}"
|
||||
log_sink_writer_identity = module.log-sink-audit.writer_identity
|
||||
|
|
@ -127,7 +129,7 @@ module "bq-audit-export" {
|
|||
|
||||
module "log-sink-audit" {
|
||||
source = "terraform-google-modules/log-export/google"
|
||||
version = "3.0.0"
|
||||
version = "3.1.0"
|
||||
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
|
||||
log_sink_name = "logs-audit-${var.environments[0]}"
|
||||
parent_resource_type = "folder"
|
||||
|
|
@ -146,7 +148,7 @@ module "log-sink-audit" {
|
|||
|
||||
module "project-shared-resources" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = var.root_node
|
||||
billing_account = var.billing_account_id
|
||||
prefix = var.prefix
|
||||
|
|
|
|||
|
|
@ -81,23 +81,7 @@ variable "terraform_owners" {
|
|||
variable "project_services" {
|
||||
description = "Service APIs enabled by default in new projects."
|
||||
default = [
|
||||
"bigquery-json.googleapis.com",
|
||||
"bigquerystorage.googleapis.com",
|
||||
"cloudbilling.googleapis.com",
|
||||
"cloudresourcemanager.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
"container.googleapis.com",
|
||||
"containerregistry.googleapis.com",
|
||||
"deploymentmanager.googleapis.com",
|
||||
"iam.googleapis.com",
|
||||
"iamcredentials.googleapis.com",
|
||||
"logging.googleapis.com",
|
||||
"oslogin.googleapis.com",
|
||||
"pubsub.googleapis.com",
|
||||
"replicapool.googleapis.com",
|
||||
"replicapoolupdater.googleapis.com",
|
||||
"resourceviews.googleapis.com",
|
||||
"serviceusage.googleapis.com",
|
||||
"storage-api.googleapis.com",
|
||||
"stackdriver.googleapis.com",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,20 +20,23 @@
|
|||
|
||||
module "project-svpc-host" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = var.root_node
|
||||
prefix = var.prefix
|
||||
name = "vpc-host"
|
||||
billing_account = var.billing_account_id
|
||||
owners = var.owners_host
|
||||
activate_apis = var.project_services
|
||||
activate_apis = concat(
|
||||
var.project_services,
|
||||
["dns.googleapis.com", "cloudkms.googleapis.com"]
|
||||
)
|
||||
}
|
||||
|
||||
# service projects
|
||||
|
||||
module "project-service-gce" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = var.root_node
|
||||
prefix = var.prefix
|
||||
name = "gce"
|
||||
|
|
@ -47,7 +50,7 @@ module "project-service-gce" {
|
|||
|
||||
module "project-service-gke" {
|
||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||
version = "3.3.1"
|
||||
version = "5.0.0"
|
||||
parent = var.root_node
|
||||
prefix = var.prefix
|
||||
name = "gke"
|
||||
|
|
@ -105,7 +108,8 @@ module "net-svpc-access" {
|
|||
host_project_id = module.project-svpc-host.project_id
|
||||
service_project_num = 2
|
||||
service_project_ids = [
|
||||
module.project-service-gce.project_id, module.project-service-gke.project_id
|
||||
module.project-service-gce.project_id,
|
||||
module.project-service-gke.project_id
|
||||
]
|
||||
host_subnets = ["gce", "gke"]
|
||||
host_subnet_regions = compact([
|
||||
|
|
|
|||
|
|
@ -107,25 +107,7 @@ variable "subnet_secondary_ranges" {
|
|||
variable "project_services" {
|
||||
description = "Service APIs enabled by default in new projects."
|
||||
default = [
|
||||
"bigquery-json.googleapis.com",
|
||||
"bigquerystorage.googleapis.com",
|
||||
"cloudbilling.googleapis.com",
|
||||
"cloudkms.googleapis.com",
|
||||
"cloudresourcemanager.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
"container.googleapis.com",
|
||||
"containerregistry.googleapis.com",
|
||||
"deploymentmanager.googleapis.com",
|
||||
"dns.googleapis.com",
|
||||
"iam.googleapis.com",
|
||||
"iamcredentials.googleapis.com",
|
||||
"logging.googleapis.com",
|
||||
"oslogin.googleapis.com",
|
||||
"pubsub.googleapis.com",
|
||||
"replicapool.googleapis.com",
|
||||
"replicapoolupdater.googleapis.com",
|
||||
"resourceviews.googleapis.com",
|
||||
"serviceusage.googleapis.com",
|
||||
"storage-api.googleapis.com",
|
||||
"stackdriver.googleapis.com",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -41,6 +41,6 @@ def test_project_services(plan, project_modules):
|
|||
"Project service resource must enable APIs specified in the variable."
|
||||
num_services = len(plan.variables['project_services'])
|
||||
for mod in project_modules.values():
|
||||
project_services = [r for r in mod.child_modules['module.project_services'].resources if r.startswith(
|
||||
project_services = [r for r in mod.resources if r.startswith(
|
||||
'google_project_service.project_services')]
|
||||
assert len(project_services) == num_services
|
||||
assert len(project_services) >= num_services
|
||||
|
|
|
|||
|
|
@ -39,6 +39,6 @@ def test_project_services(plan, project_modules):
|
|||
"Project service resource must enable APIs specified in the variable."
|
||||
num_services = len(plan.variables['project_services'])
|
||||
for mod in project_modules.values():
|
||||
project_services = [r for r in mod.child_modules['module.project_services'].resources if r.startswith(
|
||||
project_services = [r for r in mod.resources if r.startswith(
|
||||
'google_project_service.project_services')]
|
||||
assert len(project_services) == num_services
|
||||
assert len(project_services) >= num_services
|
||||
|
|
|
|||
Loading…
Reference in New Issue