Merge branch 'master' into fast/var-contracts

2022-02-15 23:42:30 +00:00 · 2022-02-15 23:42:30 +00:00 · d3c95e5784
parent cd52f7c34c ad82501f62
commit d3c95e5784
12 changed files with 24 additions and 53 deletions
--- a/fast/stages/01-resman/branch-teams.tf
+++ b/fast/stages/01-resman/branch-teams.tf
@ -77,7 +77,7 @@ module "branch-teams-team-dev-folder" {
  for_each = coalesce(var.team_folders, {})
  parent   = module.branch-teams-team-folder[each.key].id
  # naming: environment descriptive name
-  name = "${module.branch-teams-team-folder[each.key].name} - Development"
+  name = "Development"
  # environment-wide human permissions on the whole teams environment
  group_iam = {}
  iam = {
@ -127,7 +127,7 @@ module "branch-teams-team-prod-folder" {
  for_each = coalesce(var.team_folders, {})
  parent   = module.branch-teams-team-folder[each.key].id
  # naming: environment descriptive name
-  name = "${module.branch-teams-team-folder[each.key].name} - Production"
+  name = "Production"
  # environment-wide human permissions on the whole teams environment
  group_iam = {}
  iam = {
--- a/fast/stages/03-project-factory/README.md
+++ b/fast/stages/03-project-factory/README.md
@ -3,4 +3,4 @@
 The Project Factory (PF) builds on top of your foundations to create and set up projects (and related resources) to be used for your workloads.
 It is organized in folders representing environments (e.g. "dev", "prod"), each implemented by a stand-alone terraform [resource factory](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c).

-This directory contains a single project factory ([`prod/`](./prod/)) as an example - to implement multiple environments (e.g. "prod" and "dev") you'll need to copy the `prod` folder into one folder per environment, then customize each one following the instructions found in [`prod/README.md`](./prod/README.md).
+This directory contains a single project factory ([`dev/`](./dev/)) as an example - to implement multiple environments (e.g. "prod" and "dev") you'll need to copy the `dev` folder into one folder per environment, then customize each one following the instructions found in [`dev/README.md`](./dev/README.md).
--- a/fast/stages/03-project-factory/prod/README.md
+++ b/fast/stages/03-project-factory/prod/README.md
@ -49,7 +49,7 @@ It's of course possible to run this stage in isolation, by making sure the archi
    - `"roles/compute.viewer"`
    - `"roles/dns.admin"`
 - If networking is used (e.g., for VMs, GKE Clusters or AppEngine flex), VPC Host projects and their subnets should exist when creating projects
- If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., prod.gcp.example.com.)
+- If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., dev.gcp.example.com.)

 ### Providers configuration

@ -57,8 +57,8 @@ If you're running this on top of Fast, you should run the following commands to

 ```bash
 # Variable `outputs_location` is set to `../../../config` in stage 01-resman
-$ cd fabric-fast/stages/03-project-factory/prod
-ln -s ../../../config/03-project-factory-prod/providers.tf
+$ cd fabric-fast/stages/03-project-factory/dev
+ln -s ../../../config/03-project-factory-dev/providers.tf
 ```

 ### Variable configuration
@ -74,16 +74,16 @@ If you configured a valid path for `outputs_location` in the bootstrap and netwo

 ```bash
 # Variable `outputs_location` is set to `../../../config` in stages 01-bootstrap and the 02-networking stage in use
-ln -s ../../../config/03-project-factory-prod/terraform-bootstrap.auto.tfvars.json
-ln -s ../../../config/03-project-factory-prod/terraform-networking.auto.tfvars.json
+ln -s ../../../config/03-project-factory-dev/terraform-bootstrap.auto.tfvars.json
+ln -s ../../../config/03-project-factory-dev/terraform-networking.auto.tfvars.json
 ```

 If you're not using Fast, refer to the [Variables](#variables) table at the bottom of this document for a full list of variables, their origin (e.g., a stage or specific to this one), and descriptions explaining their meaning.

 Besides the values above, a project factory takes 2 additional inputs:

- `data/defaults.yaml`, manually configured by adapting the [`prod/data/defaults.yaml.sample`](./prod/data/defaults.yaml.sample), which defines per-environment default values e.g., for billing alerts and labels.
- `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`prod/data/projects/project.yaml.sample`](./prod/data/projects/project.yaml.sample) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-prod-lab0.yaml` will create project `fast-prod-lab0`.
+- `data/defaults.yaml`, manually configured by adapting the [`data/defaults.yaml`](./data/defaults.yaml), which defines per-environment default values e.g., for billing alerts and labels.
+- `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`data/projects/project.yaml`](./data/projects/project.yaml) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-dev-lab0.yaml` will create project `fast-dev-lab0`.

 Once the configuration is complete, run the project factory by running

--- a/fast/stages/03-project-factory/prod/data/defaults.yaml
+++ b/fast/stages/03-project-factory/prod/data/defaults.yaml
@ -15,7 +15,7 @@ essential_contacts: ["team-contacts@example.com"]

 # [opt] Labels set for all projects
 labels:
-  environment: prod
+  environment: dev
  department: accounting
  application: example-app
  foo: bar
--- a/fast/stages/03-project-factory/prod/data/projects/project.yaml
+++ b/fast/stages/03-project-factory/prod/data/projects/project.yaml
@ -44,7 +44,7 @@ kms_service_agents:

 # [opt] Labels for the project - merged with the ones defined in defaults
 labels:
-  environment: prod
+  environment: dev

 # [opt] Org policy overrides defined at project level
 org_policies:
@ -56,7 +56,7 @@ org_policies:
      status: true
      suggested_value: null
      values:
-        - projects/fast-prod-iac-core-0
+        - projects/fast-dev-iac-core-0

 # [opt] Service account to create for the project and their roles on the project
 # in name => [roles] format
@ -90,11 +90,11 @@ vpc:
    enable_security_admin: true

  # Host project the project will be service project of
-  host_project: fast-prod-net-spoke-0
+  host_project: fast-dev-net-spoke-0

  # [opt] Subnets in the host project where principals will be granted networkUser
  # in region/subnet-name => [principals]
  subnets_iam:
-    europe-west1/prod-default-ew1:
+    europe-west1/dev-default-ew1:
      - user:foobar@example.com
      - serviceAccount:service-account1
--- a/fast/stages/03-project-factory/prod/diagram.png
+++ b/fast/stages/03-project-factory/prod/diagram.png
--- a/fast/stages/03-project-factory/prod/diagram.svg
+++ b/fast/stages/03-project-factory/prod/diagram.svg
--- a/fast/stages/03-project-factory/prod/main.tf
+++ b/fast/stages/03-project-factory/prod/main.tf
--- a/fast/stages/03-project-factory/prod/outputs.tf
+++ b/fast/stages/03-project-factory/prod/outputs.tf
--- a/fast/stages/03-project-factory/prod/variables.tf
+++ b/fast/stages/03-project-factory/prod/variables.tf
--- a/modules/folder/README.md
+++ b/modules/folder/README.md
@ -61,7 +61,7 @@ module "folder" {
    policy_name = null
    rules_file  = "data/rules.yaml"
  }
-  firewall_policy_attachments = {
+  firewall_policy_association = {
    factory-policy = module.folder.firewall_policy_id["factory"]
  }
 }
--- a/tests/fast/stages/s03_project_factory/fixture/main.tf
+++ b/tests/fast/stages/s03_project_factory/fixture/main.tf
@ -14,44 +14,15 @@
 * limitations under the License.
 */

-# tfdoc:file:description Project factory.
-
-
-locals {
-  _defaults = yamldecode(file(var.defaults_file))
-  _defaults_net = {
-    billing_account_id   = var.billing_account_id
-    environment_dns_zone = var.environment_dns_zone
-    shared_vpc_self_link = var.shared_vpc_self_link
-    vpc_host_project     = var.vpc_host_project
-  }
-  defaults = merge(local._defaults, local._defaults_net)
-  projects = {
-    for f in fileset("${var.data_dir}", "**/*.yaml") :
-    trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
-  }
-}
-
 module "projects" {
-  #TODO(sruffilli): Pin to release
-  source             = "../../../../../examples/factories/project-factory"
-  for_each           = local.projects
-  defaults           = local.defaults
-  project_id         = each.key
-  billing_account_id = try(each.value.billing_account_id, null)
-  billing_alert      = try(each.value.billing_alert, null)
-  dns_zones          = try(each.value.dns_zones, [])
-  essential_contacts = try(each.value.essential_contacts, [])
-  folder_id          = each.value.folder_id
-  group_iam          = try(each.value.group_iam, {})
-  iam                = try(each.value.iam, {})
-  kms_service_agents = try(each.value.kms, {})
-  labels             = try(each.value.labels, {})
-  org_policies       = try(each.value.org_policies, null)
-  service_accounts   = try(each.value.service_accounts, {})
-  services           = try(each.value.services, [])
-  services_iam       = try(each.value.services_iam, {})
-  vpc                = try(each.value.vpc, null)
+  source               = "../../../../../fast/stages/03-project-factory/dev"
+  data_dir             = "./data/projects/"
+  defaults_file        = "./data/defaults.yaml"
+  prefix               = "test"
+  billing_account_id   = "12345-67890A-BCDEF0"
+  environment_dns_zone = "dev"
+  shared_vpc_self_link = "fake_link"
+  vpc_host_project     = "host_project"
 }