From 1d187ddd236a0f522528139204f0b64d71d74d9e Mon Sep 17 00:00:00 2001
From: Simone Ruffilli
Date: Tue, 15 Feb 2022 12:22:08 +0100
Subject: [PATCH 1/2] FAST: PF example implementation changed to dev. Tests updated (#544)
* FAST: PF example implementation changed to dev. Tests updated
* FAST: simplified teams folder names
---
 fast/stages/01-resman/branch-teams.tf | 4 +-
 fast/stages/03-project-factory/README.md | 2 +-
 .../{prod => dev}/README.md | 14 +++---
 .../{prod => dev}/data/defaults.yaml | 2 +-
 .../{prod => dev}/data/projects/project.yaml | 8 ++--
 .../{prod => dev}/diagram.png | Bin
 .../{prod => dev}/diagram.svg | 0
 .../03-project-factory/{prod => dev}/main.tf | 0
 .../{prod => dev}/outputs.tf | 0
 .../{prod => dev}/variables.tf | 0
 .../s03_project_factory/fixture/main.tf | 45 ++++--------------
 11 files changed, 23 insertions(+), 52 deletions(-)
 rename fast/stages/03-project-factory/{prod => dev}/README.md (88%)
 rename fast/stages/03-project-factory/{prod => dev}/data/defaults.yaml (96%)
 rename fast/stages/03-project-factory/{prod => dev}/data/projects/project.yaml (95%)
 rename fast/stages/03-project-factory/{prod => dev}/diagram.png (100%)
 rename fast/stages/03-project-factory/{prod => dev}/diagram.svg (100%)
 rename fast/stages/03-project-factory/{prod => dev}/main.tf (100%)
 rename fast/stages/03-project-factory/{prod => dev}/outputs.tf (100%)
 rename fast/stages/03-project-factory/{prod => dev}/variables.tf (100%)
diff --git a/fast/stages/01-resman/branch-teams.tf b/fast/stages/01-resman/branch-teams.tf
index 41caeadc..9e15a6d3 100644
--- a/fast/stages/01-resman/branch-teams.tf
+++ b/fast/stages/01-resman/branch-teams.tf
@@ -77,7 +77,7 @@ module "branch-teams-team-dev-folder" {
 for_each = coalesce(var.team_folders, {})
 parent = module.branch-teams-team-folder[each.key].id
 # naming: environment descriptive name
- name = "${module.branch-teams-team-folder[each.key].name} - Development"
+ name = "Development"
 # environment-wide human permissions on the whole teams environment
 group_iam = {}
 iam = {
@@ -127,7 +127,7 @@ module "branch-teams-team-prod-folder" {
 for_each = coalesce(var.team_folders, {})
 parent = module.branch-teams-team-folder[each.key].id
 # naming: environment descriptive name
- name = "${module.branch-teams-team-folder[each.key].name} - Production"
+ name = "Production"
 # environment-wide human permissions on the whole teams environment
 group_iam = {}
 iam = {
diff --git a/fast/stages/03-project-factory/README.md b/fast/stages/03-project-factory/README.md
index 2be41b95..3a139411 100644
--- a/fast/stages/03-project-factory/README.md
+++ b/fast/stages/03-project-factory/README.md
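Review bot: With the team folder's name dropped from `name`, every team now gets a child folder whose display name is exactly `Development` (and `Production` in the second hunk at line 127), so the display name alone no longer tells a reviewer which team a folder-level IAM binding or an audit log entry belongs to; the folder id or parent path has to be used to disambiguate. As far as I know GCP only requires folder display names to be unique among siblings, so the change itself is valid, but the `# naming: environment descriptive name` comment above each `name` could make the trade-off explicit, e.g. `# naming: environment descriptive name (identical across teams; disambiguate by folder id / parent)`. Both enclosing `module` blocks start before and end after their hunks.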
@@ -3,4 +3,4 @@ The Project Factory (PF) builds on top of your foundations to create and set up projects (and related resources) to be used for your workloads.
 It is organized in folders representing environments (e.g. "dev", "prod"), each implemented by a stand-alone terraform [resource factory](https://medium.com/google-cloud/resource-factories-a-descriptive-approach-to-terraform-581b3ebb59c).
-This directory contains a single project factory ([`prod/`](./prod/)) as an example - to implement multiple environments (e.g. "prod" and "dev") you'll need to copy the `prod` folder into one folder per environment, then customize each one following the instructions found in [`prod/README.md`](./prod/README.md).
\ No newline at end of file
+This directory contains a single project factory ([`dev/`](./dev/)) as an example - to implement multiple environments (e.g. "prod" and "dev") you'll need to copy the `dev` folder into one folder per environment, then customize each one following the instructions found in [`dev/README.md`](./dev/README.md).
diff --git a/fast/stages/03-project-factory/prod/README.md b/fast/stages/03-project-factory/dev/README.md
similarity index 88%
rename from fast/stages/03-project-factory/prod/README.md
rename to fast/stages/03-project-factory/dev/README.md
index c784342c..2971cd05 100644
--- a/fast/stages/03-project-factory/prod/README.md
+++ b/fast/stages/03-project-factory/dev/README.md
@@ -49,7 +49,7 @@ It's of course possible to run this stage in isolation, by making sure the archi
 - `"roles/compute.viewer"`
 - `"roles/dns.admin"`
 - If networking is used (e.g., for VMs, GKE Clusters or AppEngine flex), VPC Host projects and their subnets should exist when creating projects
-- If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., prod.gcp.example.com.)
+- If per-environment DNS sub-zones are required, one "root" zone per environment should exist when creating projects (e.g., dev.gcp.example.com.)
 ### Providers configuration
@@ -57,8 +57,8 @@ If you're running this on top of Fast, you should run the following commands to
 ```bash
 # Variable `outputs_location` is set to `../../../config` in stage 01-resman
-$ cd fabric-fast/stages/03-project-factory/prod
-ln -s ../../../config/03-project-factory-prod/providers.tf
+$ cd fabric-fast/stages/03-project-factory/dev
+ln -s ../../../config/03-project-factory-dev/providers.tf
 ```
 ### Variable configuration
@@ -74,16 +74,16 @@ If you configured a valid path for `outputs_location` in the bootstrap and netwo
 ```bash
 # Variable `outputs_location` is set to `../../../config` in stages 01-bootstrap and the 02-networking stage in use
-ln -s ../../../config/03-project-factory-prod/terraform-bootstrap.auto.tfvars.json
-ln -s ../../../config/03-project-factory-prod/terraform-networking.auto.tfvars.json
+ln -s ../../../config/03-project-factory-dev/terraform-bootstrap.auto.tfvars.json
+ln -s ../../../config/03-project-factory-dev/terraform-networking.auto.tfvars.json
 ```
 If you're not using Fast, refer to the [Variables](#variables) table at the bottom of this document for a full list of variables, their origin (e.g., a stage or specific to this one), and descriptions explaining their meaning.
 Besides the values above, a project factory takes 2 additional inputs:
-- `data/defaults.yaml`, manually configured by adapting the [`prod/data/defaults.yaml.sample`](./prod/data/defaults.yaml.sample), which defines per-environment default values e.g., for billing alerts and labels.
-- `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`prod/data/projects/project.yaml.sample`](./prod/data/projects/project.yaml.sample) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-prod-lab0.yaml` will create project `fast-prod-lab0`.
+- `data/defaults.yaml`, manually configured by adapting the [`data/defaults.yaml`](./data/defaults.yaml), which defines per-environment default values e.g., for billing alerts and labels.
+- `data/projects/*.yaml`, one file per project (optionally grouped in folders), which configures each project. A [`data/projects/project.yaml`](./data/projects/project.yaml) is provided as reference and documentation for the schema. Projects will be named after the filename, e.g., `fast-dev-lab0.yaml` will create project `fast-dev-lab0`.
Once the configuration is complete, run the project factory by running
diff --git a/fast/stages/03-project-factory/prod/data/defaults.yaml b/fast/stages/03-project-factory/dev/data/defaults.yaml
similarity index 96%
rename from fast/stages/03-project-factory/prod/data/defaults.yaml
rename to fast/stages/03-project-factory/dev/data/defaults.yaml
index dc5b1616..e52bb132 100644
--- a/fast/stages/03-project-factory/prod/data/defaults.yaml
+++ b/fast/stages/03-project-factory/dev/data/defaults.yaml
@@ -15,7 +15,7 @@ essential_contacts: ["team-contacts@example.com"]
 # [opt] Labels set for all projects
 labels:
- environment: prod
+ environment: dev
 department: accounting
 application: example-app
 foo: bar
diff --git a/fast/stages/03-project-factory/prod/data/projects/project.yaml b/fast/stages/03-project-factory/dev/data/projects/project.yaml
similarity index 95%
rename from fast/stages/03-project-factory/prod/data/projects/project.yaml
rename to fast/stages/03-project-factory/dev/data/projects/project.yaml
index 7ad16016..13a8f5f5 100644
--- a/fast/stages/03-project-factory/prod/data/projects/project.yaml
+++ b/fast/stages/03-project-factory/dev/data/projects/project.yaml
@@ -44,7 +44,7 @@ kms_service_agents:
 # [opt] Labels for the project - merged with the ones defined in defaults
 labels:
- environment: prod
+ environment: dev
 # [opt] Org policy overrides defined at project level
 org_policies:
@@ -56,7 +56,7 @@ org_policies:
 status: true
 suggested_value: null
 values:
- - projects/fast-prod-iac-core-0
+ - projects/fast-dev-iac-core-0
 # [opt] Service account to create for the project and their roles on the project
 # in name => [roles] format
@@ -90,11 +90,11 @@ vpc:
 enable_security_admin: true
 # Host project the project will be service project of
- host_project: fast-prod-net-spoke-0
+ host_project: fast-dev-net-spoke-0
 # [opt] Subnets in the host project where principals will be granted networkUser
 # in region/subnet-name => [principals]
 subnets_iam:
- europe-west1/prod-default-ew1:
+ europe-west1/dev-default-ew1:
 - user:foobar@example.com
 - serviceAccount:service-account1
diff --git a/fast/stages/03-project-factory/prod/diagram.png b/fast/stages/03-project-factory/dev/diagram.png
similarity index 100%
rename from fast/stages/03-project-factory/prod/diagram.png
rename to fast/stages/03-project-factory/dev/diagram.png
diff --git a/fast/stages/03-project-factory/prod/diagram.svg b/fast/stages/03-project-factory/dev/diagram.svg
similarity index 100%
rename from fast/stages/03-project-factory/prod/diagram.svg
rename to fast/stages/03-project-factory/dev/diagram.svg
diff --git a/fast/stages/03-project-factory/prod/main.tf b/fast/stages/03-project-factory/dev/main.tf
similarity index 100%
rename from fast/stages/03-project-factory/prod/main.tf
rename to fast/stages/03-project-factory/dev/main.tf
diff --git a/fast/stages/03-project-factory/prod/outputs.tf b/fast/stages/03-project-factory/dev/outputs.tf
similarity index 100%
rename from fast/stages/03-project-factory/prod/outputs.tf
rename to fast/stages/03-project-factory/dev/outputs.tf
diff --git a/fast/stages/03-project-factory/prod/variables.tf b/fast/stages/03-project-factory/dev/variables.tf
similarity index 100%
rename from fast/stages/03-project-factory/prod/variables.tf
rename to fast/stages/03-project-factory/dev/variables.tf
diff --git a/tests/fast/stages/s03_project_factory/fixture/main.tf b/tests/fast/stages/s03_project_factory/fixture/main.tf
index 8f5f8c4d..ba9b1650 100644
--- a/tests/fast/stages/s03_project_factory/fixture/main.tf
+++ b/tests/fast/stages/s03_project_factory/fixture/main.tf
@@ -14,44 +14,15 @@ * limitations under the License.
 */
-# tfdoc:file:description Project factory.
-
-
-locals {
- _defaults = yamldecode(file(var.defaults_file))
- _defaults_net = {
- billing_account_id = var.billing_account_id
- environment_dns_zone = var.environment_dns_zone
- shared_vpc_self_link = var.shared_vpc_self_link
- vpc_host_project = var.vpc_host_project
- }
- defaults = merge(local._defaults, local._defaults_net)
- projects = {
- for f in fileset("${var.data_dir}", "**/*.yaml") :
- trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
- }
-}
-
 module "projects" {
- #TODO(sruffilli): Pin to release
- source = "../../../../../examples/factories/project-factory"
- for_each = local.projects
- defaults = local.defaults
- project_id = each.key
- billing_account_id = try(each.value.billing_account_id, null)
- billing_alert = try(each.value.billing_alert, null)
- dns_zones = try(each.value.dns_zones, [])
- essential_contacts = try(each.value.essential_contacts, [])
- folder_id = each.value.folder_id
- group_iam = try(each.value.group_iam, {})
- iam = try(each.value.iam, {})
- kms_service_agents = try(each.value.kms, {})
- labels = try(each.value.labels, {})
- org_policies = try(each.value.org_policies, null)
- service_accounts = try(each.value.service_accounts, {})
- services = try(each.value.services, [])
- services_iam = try(each.value.services_iam, {})
- vpc = try(each.value.vpc, null)
+ source = "../../../../../fast/stages/03-project-factory/dev"
+ data_dir = "./data/projects/"
+ defaults_file = "./data/defaults.yaml"
+ prefix = "test"
+ billing_account_id = "12345-67890A-BCDEF0"
+ environment_dns_zone = "dev"
+ shared_vpc_self_link = "fake_link"
+ vpc_host_project = "host_project"
 }
From ad82501f6286035f0de76ff8c628ffef09e5cd5b Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Tue, 15 Feb 2022 15:13:10 +0100
Subject: [PATCH 2/2] Update README.md
---
 modules/folder/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
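Review bot: `data_dir = "./data/projects/"` and `defaults_file = "./data/defaults.yaml"` are relative paths passed into a module that lives in a different directory, and Terraform's `file()`/`fileset()` resolve relative paths against the directory terraform is invoked from, not against the module; the removed locals read these variables with plain `file(var.defaults_file)` and `fileset("${var.data_dir}", ...)`, so if the dev stage (its `main.tf` is renamed unchanged and not shown here) kept that pattern the fixture only works when the test harness runs terraform from the fixture directory. That assumption should be written down next to the two paths, e.g. `# resolved relative to the terraform working directory (the fixture dir), not to the stage module`. The `billing_account_id`, `shared_vpc_self_link` and `vpc_host_project` values are obviously fake placeholders, which is fine for what is presumably a plan-only test, but a one-line comment stating that this fixture is never applied would spare the next reader from checking. The `module "projects"` block is fully contained in the hunk.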
diff --git a/modules/folder/README.md b/modules/folder/README.md
index e41dcb5b..11a8c3f7 100644
--- a/modules/folder/README.md
+++ b/modules/folder/README.md
@@ -61,7 +61,7 @@ module "folder" {
 policy_name = null
 rules_file = "data/rules.yaml"
 }
- firewall_policy_attachments = {
+ firewall_policy_association = {
 factory-policy = module.folder.firewall_policy_id["factory"]
 }
 }