Merge pull request #22 from terraform-google-modules/ludo-project-dependency-fixed
Update module versions, fix project service dependency
This commit is contained in:
commit
b798309bfe
|
@ -39,7 +39,7 @@ module "shared-folder" {
|
||||||
|
|
||||||
module "project-tf" {
|
module "project-tf" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = module.shared-folder.id
|
parent = module.shared-folder.id
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
|
@ -53,7 +53,7 @@ module "project-tf" {
|
||||||
|
|
||||||
module "service-accounts-tf-environments" {
|
module "service-accounts-tf-environments" {
|
||||||
source = "terraform-google-modules/service-accounts/google"
|
source = "terraform-google-modules/service-accounts/google"
|
||||||
version = "2.0.0"
|
version = "2.0.1"
|
||||||
project_id = module.project-tf.project_id
|
project_id = module.project-tf.project_id
|
||||||
org_id = var.organization_id
|
org_id = var.organization_id
|
||||||
billing_account_id = var.billing_account_id
|
billing_account_id = var.billing_account_id
|
||||||
|
@ -97,8 +97,7 @@ module "gcs-tf-environments" {
|
||||||
# Business unit 1
|
# Business unit 1
|
||||||
|
|
||||||
module "business-unit-1-folders" {
|
module "business-unit-1-folders" {
|
||||||
source = "./modules/business-unit-folders"
|
source = "./modules/business-unit-folders"
|
||||||
|
|
||||||
business_unit_folder_name = var.business_unit_1_name
|
business_unit_folder_name = var.business_unit_1_name
|
||||||
environments = var.environments
|
environments = var.environments
|
||||||
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
||||||
|
@ -109,8 +108,7 @@ module "business-unit-1-folders" {
|
||||||
# Business unit 2
|
# Business unit 2
|
||||||
|
|
||||||
module "business-unit-2-folders" {
|
module "business-unit-2-folders" {
|
||||||
source = "./modules/business-unit-folders"
|
source = "./modules/business-unit-folders"
|
||||||
|
|
||||||
business_unit_folder_name = var.business_unit_2_name
|
business_unit_folder_name = var.business_unit_2_name
|
||||||
environments = var.environments
|
environments = var.environments
|
||||||
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
||||||
|
@ -121,8 +119,7 @@ module "business-unit-2-folders" {
|
||||||
# Business unit 3
|
# Business unit 3
|
||||||
|
|
||||||
module "business-unit-3-folders" {
|
module "business-unit-3-folders" {
|
||||||
source = "./modules/business-unit-folders"
|
source = "./modules/business-unit-folders"
|
||||||
|
|
||||||
business_unit_folder_name = var.business_unit_3_name
|
business_unit_folder_name = var.business_unit_3_name
|
||||||
environments = var.environments
|
environments = var.environments
|
||||||
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
|
||||||
|
@ -138,21 +135,23 @@ module "business-unit-3-folders" {
|
||||||
|
|
||||||
module "project-audit" {
|
module "project-audit" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = module.shared-folder.id
|
parent = module.shared-folder.id
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
name = "audit"
|
name = "audit"
|
||||||
lien_reason = "audit"
|
lien_reason = "audit"
|
||||||
activate_apis = var.project_services
|
|
||||||
viewers = var.audit_viewers
|
viewers = var.audit_viewers
|
||||||
|
activate_apis = concat(var.project_services, [
|
||||||
|
"bigquery.googleapis.com",
|
||||||
|
])
|
||||||
}
|
}
|
||||||
|
|
||||||
# Audit logs destination on BigQuery
|
# Audit logs destination on BigQuery
|
||||||
|
|
||||||
module "bq-audit-export" {
|
module "bq-audit-export" {
|
||||||
source = "terraform-google-modules/log-export/google//modules/bigquery"
|
source = "terraform-google-modules/log-export/google//modules/bigquery"
|
||||||
version = "3.0.0"
|
version = "3.1.0"
|
||||||
project_id = module.project-audit.project_id
|
project_id = module.project-audit.project_id
|
||||||
dataset_name = "${replace(local.log_sink_name, "-", "_")}"
|
dataset_name = "${replace(local.log_sink_name, "-", "_")}"
|
||||||
log_sink_writer_identity = module.log-sink-audit.writer_identity
|
log_sink_writer_identity = module.log-sink-audit.writer_identity
|
||||||
|
@ -162,7 +161,7 @@ module "bq-audit-export" {
|
||||||
|
|
||||||
module "log-sink-audit" {
|
module "log-sink-audit" {
|
||||||
source = "terraform-google-modules/log-export/google"
|
source = "terraform-google-modules/log-export/google"
|
||||||
version = "3.0.0"
|
version = "3.1.0"
|
||||||
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
|
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
|
||||||
log_sink_name = local.log_sink_name
|
log_sink_name = local.log_sink_name
|
||||||
parent_resource_type = local.log_sink_parent_resource_type
|
parent_resource_type = local.log_sink_parent_resource_type
|
||||||
|
@ -180,7 +179,7 @@ module "log-sink-audit" {
|
||||||
|
|
||||||
module "project-shared-resources" {
|
module "project-shared-resources" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = module.shared-folder.id
|
parent = module.shared-folder.id
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
|
|
|
@ -86,23 +86,7 @@ variable "terraform_owners" {
|
||||||
variable "project_services" {
|
variable "project_services" {
|
||||||
description = "Service APIs enabled by default in new projects."
|
description = "Service APIs enabled by default in new projects."
|
||||||
default = [
|
default = [
|
||||||
"bigquery-json.googleapis.com",
|
|
||||||
"bigquerystorage.googleapis.com",
|
|
||||||
"cloudbilling.googleapis.com",
|
|
||||||
"cloudresourcemanager.googleapis.com",
|
|
||||||
"compute.googleapis.com",
|
|
||||||
"container.googleapis.com",
|
|
||||||
"containerregistry.googleapis.com",
|
|
||||||
"deploymentmanager.googleapis.com",
|
|
||||||
"iam.googleapis.com",
|
|
||||||
"iamcredentials.googleapis.com",
|
|
||||||
"logging.googleapis.com",
|
|
||||||
"oslogin.googleapis.com",
|
|
||||||
"pubsub.googleapis.com",
|
|
||||||
"replicapool.googleapis.com",
|
|
||||||
"replicapoolupdater.googleapis.com",
|
|
||||||
"resourceviews.googleapis.com",
|
"resourceviews.googleapis.com",
|
||||||
"serviceusage.googleapis.com",
|
"stackdriver.googleapis.com",
|
||||||
"storage-api.googleapis.com",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
|
|
||||||
module "project-tf" {
|
module "project-tf" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
|
@ -34,7 +34,7 @@ module "project-tf" {
|
||||||
|
|
||||||
module "service-accounts-tf-environments" {
|
module "service-accounts-tf-environments" {
|
||||||
source = "terraform-google-modules/service-accounts/google"
|
source = "terraform-google-modules/service-accounts/google"
|
||||||
version = "2.0.0"
|
version = "2.0.1"
|
||||||
project_id = module.project-tf.project_id
|
project_id = module.project-tf.project_id
|
||||||
org_id = var.organization_id
|
org_id = var.organization_id
|
||||||
billing_account_id = var.billing_account_id
|
billing_account_id = var.billing_account_id
|
||||||
|
@ -102,21 +102,23 @@ module "folders-top-level" {
|
||||||
|
|
||||||
module "project-audit" {
|
module "project-audit" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
name = "audit"
|
name = "audit"
|
||||||
lien_reason = "audit"
|
lien_reason = "audit"
|
||||||
activate_apis = var.project_services
|
activate_apis = concat(var.project_services, [
|
||||||
viewers = var.audit_viewers
|
"bigquery.googleapis.com",
|
||||||
|
])
|
||||||
|
viewers = var.audit_viewers
|
||||||
}
|
}
|
||||||
|
|
||||||
# audit logs destination on BigQuery
|
# audit logs destination on BigQuery
|
||||||
|
|
||||||
module "bq-audit-export" {
|
module "bq-audit-export" {
|
||||||
source = "terraform-google-modules/log-export/google//modules/bigquery"
|
source = "terraform-google-modules/log-export/google//modules/bigquery"
|
||||||
version = "3.0.0"
|
version = "3.1.0"
|
||||||
project_id = module.project-audit.project_id
|
project_id = module.project-audit.project_id
|
||||||
dataset_name = "logs_audit_${replace(var.environments[0], "-", "_")}"
|
dataset_name = "logs_audit_${replace(var.environments[0], "-", "_")}"
|
||||||
log_sink_writer_identity = module.log-sink-audit.writer_identity
|
log_sink_writer_identity = module.log-sink-audit.writer_identity
|
||||||
|
@ -127,7 +129,7 @@ module "bq-audit-export" {
|
||||||
|
|
||||||
module "log-sink-audit" {
|
module "log-sink-audit" {
|
||||||
source = "terraform-google-modules/log-export/google"
|
source = "terraform-google-modules/log-export/google"
|
||||||
version = "3.0.0"
|
version = "3.1.0"
|
||||||
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
|
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
|
||||||
log_sink_name = "logs-audit-${var.environments[0]}"
|
log_sink_name = "logs-audit-${var.environments[0]}"
|
||||||
parent_resource_type = "folder"
|
parent_resource_type = "folder"
|
||||||
|
@ -146,7 +148,7 @@ module "log-sink-audit" {
|
||||||
|
|
||||||
module "project-shared-resources" {
|
module "project-shared-resources" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
|
|
|
@ -81,23 +81,7 @@ variable "terraform_owners" {
|
||||||
variable "project_services" {
|
variable "project_services" {
|
||||||
description = "Service APIs enabled by default in new projects."
|
description = "Service APIs enabled by default in new projects."
|
||||||
default = [
|
default = [
|
||||||
"bigquery-json.googleapis.com",
|
|
||||||
"bigquerystorage.googleapis.com",
|
|
||||||
"cloudbilling.googleapis.com",
|
|
||||||
"cloudresourcemanager.googleapis.com",
|
|
||||||
"compute.googleapis.com",
|
|
||||||
"container.googleapis.com",
|
|
||||||
"containerregistry.googleapis.com",
|
|
||||||
"deploymentmanager.googleapis.com",
|
|
||||||
"iam.googleapis.com",
|
|
||||||
"iamcredentials.googleapis.com",
|
|
||||||
"logging.googleapis.com",
|
|
||||||
"oslogin.googleapis.com",
|
|
||||||
"pubsub.googleapis.com",
|
|
||||||
"replicapool.googleapis.com",
|
|
||||||
"replicapoolupdater.googleapis.com",
|
|
||||||
"resourceviews.googleapis.com",
|
"resourceviews.googleapis.com",
|
||||||
"serviceusage.googleapis.com",
|
"stackdriver.googleapis.com",
|
||||||
"storage-api.googleapis.com",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,20 +20,23 @@
|
||||||
|
|
||||||
module "project-svpc-host" {
|
module "project-svpc-host" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
name = "vpc-host"
|
name = "vpc-host"
|
||||||
billing_account = var.billing_account_id
|
billing_account = var.billing_account_id
|
||||||
owners = var.owners_host
|
owners = var.owners_host
|
||||||
activate_apis = var.project_services
|
activate_apis = concat(
|
||||||
|
var.project_services,
|
||||||
|
["dns.googleapis.com", "cloudkms.googleapis.com"]
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
# service projects
|
# service projects
|
||||||
|
|
||||||
module "project-service-gce" {
|
module "project-service-gce" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
name = "gce"
|
name = "gce"
|
||||||
|
@ -47,7 +50,7 @@ module "project-service-gce" {
|
||||||
|
|
||||||
module "project-service-gke" {
|
module "project-service-gke" {
|
||||||
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
source = "terraform-google-modules/project-factory/google//modules/fabric-project"
|
||||||
version = "3.3.1"
|
version = "5.0.0"
|
||||||
parent = var.root_node
|
parent = var.root_node
|
||||||
prefix = var.prefix
|
prefix = var.prefix
|
||||||
name = "gke"
|
name = "gke"
|
||||||
|
@ -105,7 +108,8 @@ module "net-svpc-access" {
|
||||||
host_project_id = module.project-svpc-host.project_id
|
host_project_id = module.project-svpc-host.project_id
|
||||||
service_project_num = 2
|
service_project_num = 2
|
||||||
service_project_ids = [
|
service_project_ids = [
|
||||||
module.project-service-gce.project_id, module.project-service-gke.project_id
|
module.project-service-gce.project_id,
|
||||||
|
module.project-service-gke.project_id
|
||||||
]
|
]
|
||||||
host_subnets = ["gce", "gke"]
|
host_subnets = ["gce", "gke"]
|
||||||
host_subnet_regions = compact([
|
host_subnet_regions = compact([
|
||||||
|
|
|
@ -107,25 +107,7 @@ variable "subnet_secondary_ranges" {
|
||||||
variable "project_services" {
|
variable "project_services" {
|
||||||
description = "Service APIs enabled by default in new projects."
|
description = "Service APIs enabled by default in new projects."
|
||||||
default = [
|
default = [
|
||||||
"bigquery-json.googleapis.com",
|
|
||||||
"bigquerystorage.googleapis.com",
|
|
||||||
"cloudbilling.googleapis.com",
|
|
||||||
"cloudkms.googleapis.com",
|
|
||||||
"cloudresourcemanager.googleapis.com",
|
|
||||||
"compute.googleapis.com",
|
|
||||||
"container.googleapis.com",
|
|
||||||
"containerregistry.googleapis.com",
|
|
||||||
"deploymentmanager.googleapis.com",
|
|
||||||
"dns.googleapis.com",
|
|
||||||
"iam.googleapis.com",
|
|
||||||
"iamcredentials.googleapis.com",
|
|
||||||
"logging.googleapis.com",
|
|
||||||
"oslogin.googleapis.com",
|
|
||||||
"pubsub.googleapis.com",
|
|
||||||
"replicapool.googleapis.com",
|
|
||||||
"replicapoolupdater.googleapis.com",
|
|
||||||
"resourceviews.googleapis.com",
|
"resourceviews.googleapis.com",
|
||||||
"serviceusage.googleapis.com",
|
"stackdriver.googleapis.com",
|
||||||
"storage-api.googleapis.com",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,6 +41,6 @@ def test_project_services(plan, project_modules):
|
||||||
"Project service resource must enable APIs specified in the variable."
|
"Project service resource must enable APIs specified in the variable."
|
||||||
num_services = len(plan.variables['project_services'])
|
num_services = len(plan.variables['project_services'])
|
||||||
for mod in project_modules.values():
|
for mod in project_modules.values():
|
||||||
project_services = [r for r in mod.child_modules['module.project_services'].resources if r.startswith(
|
project_services = [r for r in mod.resources if r.startswith(
|
||||||
'google_project_service.project_services')]
|
'google_project_service.project_services')]
|
||||||
assert len(project_services) == num_services
|
assert len(project_services) >= num_services
|
||||||
|
|
|
@ -39,6 +39,6 @@ def test_project_services(plan, project_modules):
|
||||||
"Project service resource must enable APIs specified in the variable."
|
"Project service resource must enable APIs specified in the variable."
|
||||||
num_services = len(plan.variables['project_services'])
|
num_services = len(plan.variables['project_services'])
|
||||||
for mod in project_modules.values():
|
for mod in project_modules.values():
|
||||||
project_services = [r for r in mod.child_modules['module.project_services'].resources if r.startswith(
|
project_services = [r for r in mod.resources if r.startswith(
|
||||||
'google_project_service.project_services')]
|
'google_project_service.project_services')]
|
||||||
assert len(project_services) == num_services
|
assert len(project_services) >= num_services
|
||||||
|
|
Loading…
Reference in New Issue