fix remaining issues, align variables
parent
0c9e2a5767
commit
c5fa5d62e4
|
@ -74,8 +74,8 @@ locals {
|
|||
}
|
||||
service_accounts = merge(
|
||||
{
|
||||
data-platform-dev = module.branch-dp-dev-sa.iam_email
|
||||
data-platform-prod = module.branch-dp-prod-sa.iam_email
|
||||
data-platform-dev = module.branch-dp-dev-sa.email
|
||||
data-platform-prod = module.branch-dp-prod-sa.email
|
||||
networking = module.branch-network-sa.email
|
||||
project-factory-dev = module.branch-teams-dev-projectfactory-sa.email
|
||||
project-factory-prod = module.branch-teams-prod-projectfactory-sa.email
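Review bot: The `data-platform-dev` and `data-platform-prod` entries of `service_accounts` are shown with both `.iam_email` and `.email`, and the two outputs are not interchangeable for anything that builds IAM bindings from this map. The page does not mark which side is new; this note assumes `.email` is, since it matches the `networking` and `project-factory-*` entries. If `iam_email` carries the `serviceAccount:` member prefix, as its name suggests, every consumer of these two keys must now add the prefix itself, otherwise the binding is rejected or names an unintended principal. A comment above the map such as `# bare service account emails, consumers add the "serviceAccount:" prefix` would pin the contract. The `merge(` call starts and ends outside the hunk.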
|
||||
|
|
|
@ -37,7 +37,7 @@ module "landing-project" {
|
|||
enabled = true
|
||||
service_projects = []
|
||||
}
|
||||
metric_scopes = [module.landing-project.project_id]
|
||||
# metric_scopes = [module.landing-project.project_id]
|
||||
iam = {
|
||||
"roles/dns.admin" = [local.service_accounts.project-factory-prod]
|
||||
(local.custom_roles.service_project_network_admin) = [
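Review bot: `# metric_scopes = [module.landing-project.project_id]` stays in `module "landing-project"` as commented-out code with no reason given, so a reader cannot tell a temporary workaround from a permanent removal. Either delete the line or replace it with a comment that states why it is disabled and when it returns, for example `# TODO: metric_scopes disabled (module referenced its own project_id), restore with the scoping project`; the parenthesised reason is a guess and should be replaced by the real one. The identical hunk that follows for the second file has the same issue. If anything relied on that metrics scope for alerting on the landing project, it needs a replacement before this merges. The module block continues outside the hunk.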
|
||||
|
|
|
@ -37,7 +37,7 @@ module "landing-project" {
|
|||
enabled = true
|
||||
service_projects = []
|
||||
}
|
||||
metric_scopes = [module.landing-project.project_id]
|
||||
# metric_scopes = [module.landing-project.project_id]
|
||||
iam = {
|
||||
"roles/dns.admin" = [local.service_accounts.project-factory-prod]
|
||||
(local.custom_roles.service_project_network_admin) = [
|
||||
|
|
|
@ -25,9 +25,15 @@ locals {
|
|||
prod-landing = module.landing-project.number
|
||||
prod-spoke-0 = module.prod-spoke-project.number
|
||||
}
|
||||
subnet_self_links = {
|
||||
prod-landing = module.landing-vpc.subnet_self_links
|
||||
dev-spoke-0 = module.dev-spoke-vpc.subnet_self_links
|
||||
prod-spoke-0 = module.prod-spoke-vpc.subnet_self_links
|
||||
}
|
||||
tfvars = {
|
||||
host_project_ids = local.host_project_ids
|
||||
host_project_numbers = local.host_project_numbers
|
||||
subnet_self_links = local.subnet_self_links
|
||||
vpc_self_links = local.vpc_self_links
|
||||
}
|
||||
vpc_self_links = {
|
||||
|
|
|
@ -110,25 +110,27 @@ terraform apply
|
|||
|---|---|---|---|
|
||||
| [main.tf](./main.tf) | Data Platformy. | <code>data-platform-foundations</code> | |
|
||||
| [outputs.tf](./outputs.tf) | Output variables. | | <code>local_file</code> |
|
||||
| [providers.tf](./providers.tf) | Provider configurations. | | |
|
||||
| [variables.tf](./variables.tf) | Terraform Variables. | | |
|
||||
|
||||
## Variables
|
||||
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [billing_account_id](variables.tf#L17) | Billing account id. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [folder_id](variables.tf#L42) | Folder to be used for the networking resources in folders/nnnn format. | <code>string</code> | ✓ | | <code>resman</code> |
|
||||
| [network_config](variables.tf#L58) | Network configurations to use. Specify a shared VPC to use, if null networks will be created in projects. | <code title="object({ host_project = string network_self_link = string subnet_self_links = object({ load = string transformation = string orchestration = string }) })">object({…})</code> | ✓ | | |
|
||||
| [organization_domain](variables.tf#L97) | Organization domain. | <code>string</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L108) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [composer_config](variables.tf#L23) | | <code title="object({ node_count = number airflow_version = string env_variables = map(string) })">object({…})</code> | | <code title="{ node_count = 3 airflow_version = "composer-1.17.5-airflow-2.1.4" env_variables = {} }">{…}</code> | |
|
||||
| [data_force_destroy](variables.tf#L36) | Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage. | <code>bool</code> | | <code>false</code> | |
|
||||
| [groups](variables.tf#L48) | Groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> | |
|
||||
| [network_config_composer](variables.tf#L71) | Network configurations to use for Composer. | <code title="object({ composer_ip_ranges = object({ cloudsql = string gke_master = string web_server = string }) composer_secondary_ranges = object({ pods = string services = string }) })">object({…})</code> | | <code title="{ composer_ip_ranges = { cloudsql = "172.18.29.0/24" gke_master = "172.18.30.0/28" web_server = "172.18.30.16/28" } composer_secondary_ranges = { pods = "pods" services = "services" } }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L102) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L114) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> | |
|
||||
| [region](variables.tf#L125) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> | |
|
||||
| [billing_account](variables.tf#L17) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [host_project_ids](variables.tf#L64) | Shared VPC project ids. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>02-networking</code> |
|
||||
| [organization](variables.tf#L90) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-globals</code> |
|
||||
| [prefix](variables.tf#L106) | Unique prefix used for resource names. Not used for projects if 'project_create' is null. | <code>string</code> | ✓ | | <code>00-globals</code> |
|
||||
| [composer_config](variables.tf#L26) | | <code title="object({ node_count = number airflow_version = string env_variables = map(string) })">object({…})</code> | | <code title="{ node_count = 3 airflow_version = "composer-1.17.5-airflow-2.1.4" env_variables = {} }">{…}</code> | |
|
||||
| [data_force_destroy](variables.tf#L39) | Flag to set 'force_destroy' on data services like BigQery or Cloud Storage. | <code>bool</code> | | <code>false</code> | |
|
||||
| [folder_ids](variables.tf#L45) | Folder to be used for the networking resources in folders/nnnn format. | <code title="object({ data-platform = string })">object({…})</code> | | <code>null</code> | <code>01-resman</code> |
|
||||
| [groups](variables.tf#L54) | Groups. | <code>map(string)</code> | | <code title="{ data-analysts = "gcp-data-analysts" data-engineers = "gcp-data-engineers" data-security = "gcp-data-security" }">{…}</code> | |
|
||||
| [network_config_composer](variables.tf#L72) | Network configurations to use for Composer. | <code title="object({ cloudsql_range = string gke_master_range = string gke_pods_name = string gke_services_name = string web_server_range = string })">object({…})</code> | | <code title="{ cloudsql_range = "172.18.29.0/24" gke_master_range = "172.18.30.0/28" gke_pods_name = "pods" gke_services_name = "services" web_server_range = "172.18.30.16/28" }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L100) | Path where providers, tfvars files, and lists for the following stages are written. Leave empty to disable. | <code>string</code> | | <code>null</code> | |
|
||||
| [project_services](variables.tf#L112) | List of core services enabled on all projects. | <code>list(string)</code> | | <code title="[ "cloudresourcemanager.googleapis.com", "iam.googleapis.com", "serviceusage.googleapis.com", "stackdriver.googleapis.com" ]">[…]</code> | |
|
||||
| [region](variables.tf#L123) | Region used for regional resources. | <code>string</code> | | <code>"europe-west1"</code> | |
|
||||
| [service_encryption_keys](variables.tf#L129) | Cloud KMS to use to encrypt different services. Key location should match service region. | <code title="object({ bq = string composer = string dataflow = string storage = string pubsub = string })">object({…})</code> | | <code>null</code> | |
|
||||
| [subnet_self_links](variables.tf#L141) | Shared VPC subnet self links. | <code title="object({ dev-spoke-0 = map(string) })">object({…})</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
| [vpc_self_links](variables.tf#L150) | Shared VPC self links. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | | <code>null</code> | <code>02-networking</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -16,22 +16,33 @@
|
|||
|
||||
# tfdoc:file:description Data Platformy.
|
||||
|
||||
locals {
|
||||
_network_config = merge(
|
||||
var.network_config_composer,
|
||||
var.network_config
|
||||
)
|
||||
}
|
||||
|
||||
module "data-platform" {
|
||||
source = "../../../../examples/data-solutions/data-platform-foundations"
|
||||
billing_account_id = var.billing_account_id
|
||||
composer_config = var.composer_config
|
||||
data_force_destroy = var.data_force_destroy
|
||||
folder_id = var.folder_id
|
||||
groups = var.groups
|
||||
network_config = local._network_config
|
||||
organization_domain = var.organization_domain
|
||||
source = "../../../../examples/data-solutions/data-platform-foundations"
|
||||
billing_account_id = var.billing_account.id
|
||||
composer_config = var.composer_config
|
||||
data_force_destroy = var.data_force_destroy
|
||||
folder_id = var.folder_ids.data-platform
|
||||
groups = var.groups
|
||||
network_config = {
|
||||
host_project = var.host_project_ids.dev-spoke-0
|
||||
network_self_link = var.vpc_self_links.dev-spoke-0
|
||||
subnet_self_links = {
|
||||
load = var.subnet_self_links.dev-spoke-0["europe-west1/dev-dataplatform-ew1"]
|
||||
transformation = var.subnet_self_links.dev-spoke-0["europe-west1/dev-dataplatform-ew1"]
|
||||
orchestration = var.subnet_self_links.dev-spoke-0["europe-west1/dev-dataplatform-ew1"]
|
||||
}
|
||||
# TODO: align example variable
|
||||
composer_ip_ranges = {
|
||||
cloudsql = var.network_config_composer.cloudsql_range
|
||||
gke_master = var.network_config_composer.gke_master_range
|
||||
web_server = var.network_config_composer.web_server_range
|
||||
}
|
||||
composer_secondary_ranges = {
|
||||
pods = var.network_config_composer.gke_pods_name
|
||||
services = var.network_config_composer.gke_services_name
|
||||
}
|
||||
}
|
||||
organization_domain = var.organization.domain
|
||||
prefix = var.prefix
|
||||
project_services = var.project_services
|
||||
region = var.region
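Review bot: The new `network_config` block points `load`, `transformation` and `orchestration` at the same subnet, `var.subnet_self_links.dev-spoke-0["europe-west1/dev-dataplatform-ew1"]`. The three layers therefore cannot be told apart by subnet-scoped firewall rules or flow-log filters; if that is intended for this stage, a comment next to the existing `# TODO: align example variable` should say so. The lookup key also hard-codes `europe-west1` while `region = var.region` is passed just below, so a different region either fails the map lookup or leaves the platform attached to a subnet in another region. Moving the key into a variable whose default is the current string, and using it in all three places, would make the coupling explicit. The `module "data-platform"` block ends outside the hunk.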
|
||||
|
|
|
@ -14,10 +14,13 @@
|
|||
|
||||
# tfdoc:file:description Terraform Variables.
|
||||
|
||||
variable "billing_account_id" {
|
||||
# tfdoc:variable:source 00-bootstrap
|
||||
description = "Billing account id."
|
||||
type = string
|
||||
variable "billing_account" {
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Billing account id and organization id ('nnnnnnnn' or null)."
|
||||
type = object({
|
||||
id = string
|
||||
organization_id = number
|
||||
})
|
||||
}
|
||||
|
||||
variable "composer_config" {
|
||||
|
@ -34,15 +37,18 @@ variable "composer_config" {
|
|||
}
|
||||
|
||||
variable "data_force_destroy" {
|
||||
description = "Flag to set 'force_destroy' on data services like BiguQery or Cloud Storage."
|
||||
description = "Flag to set 'force_destroy' on data services like BigQery or Cloud Storage."
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "folder_id" {
|
||||
# tfdoc:variable:source resman
|
||||
variable "folder_ids" {
|
||||
# tfdoc:variable:source 01-resman
|
||||
description = "Folder to be used for the networking resources in folders/nnnn format."
|
||||
type = string
|
||||
type = object({
|
||||
data-platform = string
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "groups" {
|
||||
|
@ -55,48 +61,40 @@ variable "groups" {
|
|||
}
|
||||
}
|
||||
|
||||
variable "network_config" {
|
||||
description = "Network configurations to use. Specify a shared VPC to use, if null networks will be created in projects."
|
||||
variable "host_project_ids" {
|
||||
# tfdoc:variable:source 02-networking
|
||||
description = "Shared VPC project ids."
|
||||
type = object({
|
||||
host_project = string
|
||||
network_self_link = string
|
||||
subnet_self_links = object({
|
||||
load = string
|
||||
transformation = string
|
||||
orchestration = string
|
||||
})
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "network_config_composer" {
|
||||
description = "Network configurations to use for Composer."
|
||||
type = object({
|
||||
composer_ip_ranges = object({
|
||||
cloudsql = string
|
||||
gke_master = string
|
||||
web_server = string
|
||||
})
|
||||
composer_secondary_ranges = object({
|
||||
pods = string
|
||||
services = string
|
||||
})
|
||||
cloudsql_range = string
|
||||
gke_master_range = string
|
||||
gke_pods_name = string
|
||||
gke_services_name = string
|
||||
web_server_range = string
|
||||
})
|
||||
default = {
|
||||
composer_ip_ranges = {
|
||||
cloudsql = "172.18.29.0/24"
|
||||
gke_master = "172.18.30.0/28"
|
||||
web_server = "172.18.30.16/28"
|
||||
}
|
||||
composer_secondary_ranges = {
|
||||
pods = "pods"
|
||||
services = "services"
|
||||
}
|
||||
cloudsql_range = "172.18.29.0/24"
|
||||
gke_master_range = "172.18.30.0/28"
|
||||
gke_pods_name = "pods"
|
||||
gke_services_name = "services"
|
||||
web_server_range = "172.18.30.16/28"
|
||||
}
|
||||
}
|
||||
|
||||
variable "organization_domain" {
|
||||
description = "Organization domain."
|
||||
type = string
|
||||
variable "organization" {
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Organization details."
|
||||
type = object({
|
||||
domain = string
|
||||
id = number
|
||||
customer_id = string
|
||||
})
|
||||
}
|
||||
|
||||
variable "outputs_location" {
|
||||
|
@ -106,7 +104,7 @@ variable "outputs_location" {
|
|||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 00-bootstrap
|
||||
# tfdoc:variable:source 00-globals
|
||||
description = "Unique prefix used for resource names. Not used for projects if 'project_create' is null."
|
||||
type = string
|
||||
}
|
||||
|
@ -128,7 +126,7 @@ variable "region" {
|
|||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "service_encryption_keys" { # service encription key
|
||||
variable "service_encryption_keys" {
|
||||
description = "Cloud KMS to use to encrypt different services. Key location should match service region."
|
||||
type = object({
|
||||
bq = string
|
||||
|
@ -139,3 +137,21 @@ variable "service_encryption_keys" { # service encription key
|
|||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "subnet_self_links" {
|
||||
# tfdoc:variable:source 02-networking
|
||||
description = "Shared VPC subnet self links."
|
||||
type = object({
|
||||
dev-spoke-0 = map(string)
|
||||
})
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "vpc_self_links" {
|
||||
# tfdoc:variable:source 02-networking
|
||||
description = "Shared VPC self links."
|
||||
type = object({
|
||||
dev-spoke-0 = string
|
||||
})
|
||||
default = null
|
||||
}
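Review bot: `folder_ids`, `subnet_self_links` and `vpc_self_links` are declared with `default = null`, but the module call in this commit reads `var.folder_ids.data-platform`, `var.subnet_self_links.dev-spoke-0[...]` and `var.vpc_self_links.dev-spoke-0` unconditionally. Running the stage without the upstream tfvars then fails on a null attribute access rather than reporting a missing required variable. Dropping `default = null` from the three declarations makes them required like `host_project_ids`, which matches how they are used. The `folder_ids` description still reads "Folder to be used for the networking resources" and should name the data platform folder instead. The removed `network_config` description promised that networks are created in the projects when the value is null; nothing visible here keeps that path, so the README should say whether it is gone.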
|
||||
|
|