wip
This commit is contained in:
parent
ee7a615a58
commit
d6a81fb662
|
@ -461,18 +461,18 @@ The remaining configuration is manual, as it regards the repositories themselves
|
|||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [billing_account](variables.tf#L17) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | |
|
||||
| [organization](variables.tf#L179) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L194) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | |
|
||||
| [organization](variables.tf#L181) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | |
|
||||
| [prefix](variables.tf#L196) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | |
|
||||
| [bootstrap_user](variables.tf#L25) | Email of the nominal user running this stage for the first time. | <code>string</code> | | <code>null</code> | |
|
||||
| [cicd_repositories](variables.tf#L31) | CI/CD repository configuration. Identity providers reference keys in the `federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ bootstrap = object({ branch = string identity_provider = string name = string type = string }) cicd = object({ branch = string identity_provider = string name = string type = string }) resman = object({ branch = string identity_provider = string name = string type = string }) })">object({…})</code> | | <code>null</code> | |
|
||||
| [custom_role_names](variables.tf#L83) | Names of custom roles defined at the org level. | <code title="object({ organization_iam_admin = string service_project_network_admin = string })">object({…})</code> | | <code title="{ organization_iam_admin = "organizationIamAdmin" service_project_network_admin = "serviceProjectNetworkAdmin" }">{…}</code> | |
|
||||
| [fast_features](variables.tf#L95) | Selective control for top-level FAST features. | <code title="object({ data_platform = bool project_factory = bool sandbox = bool teams = bool })">object({…})</code> | | <code title="{ data_platform = true project_factory = true sandbox = true teams = true }">{…}</code> | |
|
||||
| [federated_identity_providers](variables.tf#L112) | Workload Identity Federation pools. The `cicd_repositories` variable references keys here. | <code title="map(object({ attribute_condition = string issuer = string custom_settings = object({ issuer_uri = string allowed_audiences = list(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [groups](variables.tf#L126) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | |
|
||||
| [iam](variables.tf#L140) | Organization-level custom IAM settings in role => [principal] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_additive](variables.tf#L146) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [log_sinks](variables.tf#L154) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" type = "bigquery" } vpc-sc = { filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" type = "bigquery" } }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L188) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [fast_features](variables.tf#L95) | Selective control for top-level FAST features. | <code title="object({ data_platform = bool gke = bool project_factory = bool sandbox = bool teams = bool })">object({…})</code> | | <code title="{ data_platform = true gke = true project_factory = true sandbox = true teams = true }">{…}</code> | |
|
||||
| [federated_identity_providers](variables.tf#L114) | Workload Identity Federation pools. The `cicd_repositories` variable references keys here. | <code title="map(object({ attribute_condition = string issuer = string custom_settings = object({ issuer_uri = string allowed_audiences = list(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [groups](variables.tf#L128) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | |
|
||||
| [iam](variables.tf#L142) | Organization-level custom IAM settings in role => [principal] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [iam_additive](variables.tf#L148) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [log_sinks](variables.tf#L156) | Org-level log sinks, in name => {type, filter} format. | <code title="map(object({ filter = string type = string }))">map(object({…}))</code> | | <code title="{ audit-logs = { filter = "logName:\"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName:\"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" type = "bigquery" } vpc-sc = { filter = "protoPayload.metadata.@type=\"type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata\"" type = "bigquery" } }">{…}</code> | |
|
||||
| [outputs_location](variables.tf#L190) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -163,6 +163,12 @@ module "organization" {
|
|||
]
|
||||
(var.custom_role_names.service_project_network_admin) = [
|
||||
"compute.globalOperations.get",
|
||||
# the following two permissions are used by automation service accounts
|
||||
# who manage service projects where peering creation might be needed
|
||||
# (e.g. GKE), if you remove them make sure your network administrators
|
||||
# should create peerings for service projects
|
||||
"compute.networks.updatePeering",
|
||||
"compute.networks.get",
|
||||
"compute.organizations.disableXpnResource",
|
||||
"compute.organizations.enableXpnResource",
|
||||
"compute.projects.get",
|
||||
|
@ -170,14 +176,6 @@ module "organization" {
|
|||
"compute.subnetworks.setIamPolicy",
|
||||
"dns.networks.bindPrivateDNSZone",
|
||||
"resourcemanager.projects.get",
|
||||
|
||||
# if you prefer not granting permissions to create peerings to
|
||||
# service accounts deploying service projects, remove these
|
||||
# permissions and ask you network administrator to create any
|
||||
# needed peerings (e.g. if you need to update routes for a GKE
|
||||
# cluster)
|
||||
"compute.networks.updatePeering",
|
||||
"compute.networks.get",
|
||||
]
|
||||
}
|
||||
logging_sinks = {
|
||||
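Review bot: The new comment above `"compute.networks.updatePeering"` in the `@ -163,6 +163,12 @@` hunk does not parse (`make sure your network administrators` / `should create peerings for service projects`), and since it is the only explanation of why a network-peering permission is granted to automation service accounts it should read cleanly. Suggested wording for the last two comment lines: `# (e.g. GKE). If you remove them, make sure your network administrators` / `# create any peerings the service projects need instead.` The `@ -170,14 +176,6 @@` hunk below drops the older, clearer version of this note, so nothing else documents the grant once it is gone. The enclosing `module "organization"` block starts before and ends after both hunks.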
|
|
|
@ -96,12 +96,14 @@ variable "fast_features" {
|
|||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
data_platform = bool
|
||||
gke = bool
|
||||
project_factory = bool
|
||||
sandbox = bool
|
||||
teams = bool
|
||||
})
|
||||
default = {
|
||||
data_platform = true
|
||||
gke = true
|
||||
project_factory = true
|
||||
sandbox = true
|
||||
teams = true
|
||||
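Review bot: Adding `gke = bool` to the `object({…})` type of `variable "fast_features"` makes the attribute mandatory, so any existing tfvars that override `fast_features` without a `gke` key will fail type checking unless the attribute is declared with `optional(...)`, which is not visible in this hunk and may be handled elsewhere. If breaking existing overrides is not intended, `gke = optional(bool, true)` (Terraform 1.3+) keeps the new default while accepting the old shape; if it is intended, the README row for `fast_features` should call it out. The same applies to the `@ -128,12 +128,14 @@ variable "fast_features"` hunk at the end of the page. The variable block continues outside the hunk.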
|
|
|
@ -182,29 +182,30 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
|
|||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [automation](variables.tf#L20) | Automation resources created by the bootstrap stage. | <code title="object({ outputs_bucket = string project_id = string project_number = string federated_identity_pool = string federated_identity_providers = map(object({ issuer = string issuer_uri = string name = string principal_tpl = string principalset_tpl = string })) })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [billing_account](variables.tf#L38) | Billing account id and organization id ('nnnnnnnn' or null). | <code title="object({ id = string organization_id = number })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [organization](variables.tf#L159) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L183) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [organization](variables.tf#L161) | Organization details. | <code title="object({ domain = string id = number customer_id = string })">object({…})</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [prefix](variables.tf#L185) | Prefix used for resources that need unique names. Use 9 characters or less. | <code>string</code> | ✓ | | <code>00-bootstrap</code> |
|
||||
| [cicd_repositories](variables.tf#L47) | CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed. | <code title="object({ data_platform_dev = object({ branch = string identity_provider = string name = string type = string }) data_platform_prod = object({ branch = string identity_provider = string name = string type = string }) networking = object({ branch = string identity_provider = string name = string type = string }) project_factory_dev = object({ branch = string identity_provider = string name = string type = string }) project_factory_prod = object({ branch = string identity_provider = string name = string type = string }) security = object({ branch = string identity_provider = string name = string type = string }) })">object({…})</code> | | <code>null</code> | |
|
||||
| [custom_roles](variables.tf#L117) | Custom roles defined at the org level, in key => id format. | <code title="object({ service_project_network_admin = string })">object({…})</code> | | <code>null</code> | <code>00-bootstrap</code> |
|
||||
| [fast_features](variables.tf#L126) | Selective control for top-level FAST features. | <code title="object({ data_platform = bool project_factory = bool sandbox = bool teams = bool })">object({…})</code> | | <code title="{ data_platform = true project_factory = true sandbox = true teams = true }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [groups](variables.tf#L144) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [organization_policy_configs](variables.tf#L169) | Organization policies customization. | <code title="object({ allowed_policy_member_domains = list(string) })">object({…})</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L177) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [tag_names](variables.tf#L194) | Customized names for resource management tags. | <code title="object({ context = string environment = string })">object({…})</code> | | <code title="{ context = "context" environment = "environment" }">{…}</code> | |
|
||||
| [team_folders](variables.tf#L211) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
| [fast_features](variables.tf#L126) | Selective control for top-level FAST features. | <code title="object({ data_platform = bool gke = bool project_factory = bool sandbox = bool teams = bool })">object({…})</code> | | <code title="{ data_platform = true gke = true project_factory = true sandbox = true teams = true }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [groups](variables.tf#L146) | Group names to grant organization-level permissions. | <code>map(string)</code> | | <code title="{ gcp-billing-admins = "gcp-billing-admins", gcp-devops = "gcp-devops", gcp-network-admins = "gcp-network-admins" gcp-organization-admins = "gcp-organization-admins" gcp-security-admins = "gcp-security-admins" gcp-support = "gcp-support" }">{…}</code> | <code>00-bootstrap</code> |
|
||||
| [organization_policy_configs](variables.tf#L171) | Organization policies customization. | <code title="object({ allowed_policy_member_domains = list(string) })">object({…})</code> | | <code>null</code> | |
|
||||
| [outputs_location](variables.tf#L179) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
|
||||
| [tag_names](variables.tf#L196) | Customized names for resource management tags. | <code title="object({ context = string environment = string })">object({…})</code> | | <code title="{ context = "context" environment = "environment" }">{…}</code> | |
|
||||
| [team_folders](variables.tf#L213) | Team folders to be created. Format is described in a code comment. | <code title="map(object({ descriptive_name = string group_iam = map(list(string)) impersonation_groups = list(string) }))">map(object({…}))</code> | | <code>null</code> | |
|
||||
|
||||
## Outputs
|
||||
|
||||
| name | description | sensitive | consumers |
|
||||
|---|---|:---:|---|
|
||||
| [cicd_repositories](outputs.tf#L154) | WIF configuration for CI/CD repositories. | | |
|
||||
| [dataplatform](outputs.tf#L168) | Data for the Data Platform stage. | | |
|
||||
| [networking](outputs.tf#L184) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L193) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L209) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L216) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L230) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L240) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L253) | Terraform variable files for the following stages. | ✓ | |
|
||||
| [cicd_repositories](outputs.tf#L166) | WIF configuration for CI/CD repositories. | | |
|
||||
| [dataplatform](outputs.tf#L180) | Data for the Data Platform stage. | | |
|
||||
| [gke_multitenant](outputs.tf#L252) | Data for the GKE multitenant stage. | | <code>03-gke-multitenant</code> |
|
||||
| [networking](outputs.tf#L196) | Data for the networking stage. | | |
|
||||
| [project_factories](outputs.tf#L205) | Data for the project factories stage. | | |
|
||||
| [providers](outputs.tf#L221) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>xx-sandbox</code> · <code>xx-teams</code> |
|
||||
| [sandbox](outputs.tf#L228) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
|
||||
| [security](outputs.tf#L242) | Data for the networking stage. | | <code>02-security</code> |
|
||||
| [teams](outputs.tf#L269) | Data for the teams stage. | | |
|
||||
| [tfvars](outputs.tf#L282) | Terraform variable files for the following stages. | ✓ | |
|
||||
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -24,12 +24,12 @@ locals {
|
|||
module.branch-security-sa.iam_email,
|
||||
],
|
||||
local.branch_dataplatform_sa_iam_emails,
|
||||
local.branch_gke_sa_iam_emails,
|
||||
local.branch_pf_sa_iam_emails,
|
||||
# enable if individual teams can create their own projects
|
||||
# [
|
||||
# for k, v in module.branch-teams-team-sa : v.iam_email
|
||||
# ],
|
||||
local.branch_teams_pf_sa_iam_emails,
|
||||
local.branch_gke_multitenant_sa_iam_emails
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -32,24 +32,24 @@ module "branch-gke-folder" {
|
|||
|
||||
# GKE-level folders, service accounts and buckets for each individual environment
|
||||
|
||||
module "branch-gke-multitenant-prod-folder" {
|
||||
module "branch-gke-prod-folder" {
|
||||
source = "../../../modules/folder"
|
||||
parent = module.branch-gke-folder.id
|
||||
name = "Production"
|
||||
iam = {
|
||||
"roles/owner" = [
|
||||
module.branch-gke-multitenant-prod-sa.iam_email
|
||||
module.branch-gke-prod-sa.iam_email
|
||||
]
|
||||
"roles/resourcemanager.projectCreator" = [
|
||||
module.branch-gke-multitenant-prod-sa.iam_email
|
||||
module.branch-gke-prod-sa.iam_email
|
||||
]
|
||||
"roles/compute.xpnAdmin" = [
|
||||
module.branch-gke-multitenant-prod-sa.iam_email
|
||||
module.branch-gke-prod-sa.iam_email
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
module "branch-gke-multitenant-prod-sa" {
|
||||
module "branch-gke-prod-sa" {
|
||||
source = "../../../modules/iam-service-account"
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-gke-0"
|
||||
|
@ -61,36 +61,36 @@ module "branch-gke-multitenant-prod-sa" {
|
|||
}
|
||||
}
|
||||
|
||||
module "branch-gke-multitenant-prod-gcs" {
|
||||
module "branch-gke-prod-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation.project_id
|
||||
name = "prod-resman-gke-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-multitenant-prod-sa.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-prod-sa.iam_email]
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
module "branch-gke-multitenant-dev-folder" {
|
||||
module "branch-gke-dev-folder" {
|
||||
source = "../../../modules/folder"
|
||||
parent = module.branch-gke-folder.id
|
||||
name = "Development"
|
||||
iam = {
|
||||
"roles/owner" = [
|
||||
module.branch-gke-multitenant-dev-sa.iam_email
|
||||
module.branch-gke-dev-sa.iam_email
|
||||
]
|
||||
"roles/resourcemanager.projectCreator" = [
|
||||
module.branch-gke-multitenant-dev-sa.iam_email
|
||||
module.branch-gke-dev-sa.iam_email
|
||||
]
|
||||
"roles/compute.xpnAdmin" = [
|
||||
module.branch-gke-multitenant-dev-sa.iam_email
|
||||
module.branch-gke-dev-sa.iam_email
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
module "branch-gke-multitenant-dev-sa" {
|
||||
module "branch-gke-dev-sa" {
|
||||
source = "../../../modules/iam-service-account"
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-gke-0"
|
||||
|
@ -102,13 +102,13 @@ module "branch-gke-multitenant-dev-sa" {
|
|||
}
|
||||
}
|
||||
|
||||
module "branch-gke-multitenant-dev-gcs" {
|
||||
module "branch-gke-dev-gcs" {
|
||||
source = "../../../modules/gcs"
|
||||
project_id = var.automation.project_id
|
||||
name = "dev-resman-gke-0"
|
||||
prefix = var.prefix
|
||||
versioning = true
|
||||
iam = {
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-multitenant-dev-sa.iam_email]
|
||||
"roles/storage.objectAdmin" = [module.branch-gke-dev-sa.iam_email]
|
||||
}
|
||||
}
|
||||
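Review bot: The renamed `branch-gke-*` module blocks in these hunks are still created unconditionally, while the new `var.fast_features.gke` flag introduced in this commit only empties `branch_gke_sa_iam_emails` in the `@ -26,12 +26,15 @@ locals {` hunk; setting the flag to false therefore still creates the GKE folders, the service accounts holding `roles/owner`, `roles/resourcemanager.projectCreator` and `roles/compute.xpnAdmin`, and their buckets. The data-platform and project-factory branches appear to use `count`, since they are referenced as `try(module.branch-dp-prod-sa.0.iam_email, "")`, whereas the `module "branch-network-prod-folder"` and `module "branch-network-dev-folder"` hunks reference `module.branch-gke-prod-sa.iam_email` / `module.branch-gke-dev-sa.iam_email` directly. Adding `count = var.fast_features.gke ? 1 : 0` to each of these module blocks and switching the references in the networking, `@ -64,8 +64,8 @@ locals {`, `@ -98,15 +98,15 @@ locals {` and `output "gke_multitenant"` hunks to the indexed `try(...)` form would make the flag effective; this may already be planned given the `wip` title. Each module block here is cut by the hunk boundaries.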
|
|
|
@ -53,7 +53,7 @@ module "branch-network-prod-folder" {
|
|||
"roles/compute.xpnAdmin" = compact([
|
||||
try(module.branch-dp-prod-sa.0.iam_email, ""),
|
||||
try(module.branch-pf-prod-sa.0.iam_email, ""),
|
||||
module.branch-gke-multitenant-prod-sa.iam_email,
|
||||
module.branch-gke-prod-sa.iam_email,
|
||||
])
|
||||
}
|
||||
tag_bindings = {
|
||||
|
@ -71,7 +71,7 @@ module "branch-network-dev-folder" {
|
|||
(local.custom_roles.service_project_network_admin) = compact([
|
||||
try(module.branch-dp-dev-sa.0.iam_email, ""),
|
||||
try(module.branch-pf-dev-sa.0.iam_email, ""),
|
||||
module.branch-gke-multitenant-dev-sa.iam_email,
|
||||
module.branch-gke-dev-sa.iam_email,
|
||||
])
|
||||
}
|
||||
tag_bindings = {
|
||||
|
|
|
@ -57,7 +57,6 @@ locals {
|
|||
"02-security.auto.tfvars.json"
|
||||
]
|
||||
}
|
||||
|
||||
custom_roles = coalesce(var.custom_roles, {})
|
||||
groups = {
|
||||
for k, v in var.groups :
|
||||
|
|
|
@ -26,12 +26,15 @@ locals {
|
|||
]
|
||||
: []
|
||||
)
|
||||
# set to the empty list if you remove the teams branch
|
||||
branch_gke_multitenant_sa_iam_emails = [
|
||||
module.branch-gke-multitenant-dev-sa.iam_email,
|
||||
module.branch-gke-multitenant-prod-sa.iam_email
|
||||
branch_gke_sa_iam_emails = (
|
||||
var.fast_features.gke
|
||||
? [
|
||||
module.branch-gke-dev-sa.iam_email,
|
||||
module.branch-gke-prod-sa.iam_email
|
||||
]
|
||||
branch_teams_pf_sa_iam_emails = (
|
||||
: []
|
||||
)
|
||||
branch_pf_sa_iam_emails = (
|
||||
var.fast_features.project_factory
|
||||
? [
|
||||
module.branch-pf-dev-sa.0.iam_email,
|
||||
|
@ -76,19 +79,19 @@ module "organization" {
|
|||
]
|
||||
},
|
||||
local.billing_org ? {
|
||||
"roles/billing.costsManager" = local.branch_teams_pf_sa_iam_emails
|
||||
"roles/billing.costsManager" = local.branch_pf_sa_iam_emails
|
||||
"roles/billing.user" = concat(
|
||||
[
|
||||
module.branch-network-sa.iam_email,
|
||||
module.branch-security-sa.iam_email,
|
||||
],
|
||||
local.branch_dataplatform_sa_iam_emails,
|
||||
local.branch_gke_sa_iam_emails,
|
||||
local.branch_pf_sa_iam_emails,
|
||||
# enable if individual teams can create their own projects
|
||||
# [
|
||||
# for k, v in module.branch-teams-team-sa : v.iam_email
|
||||
# ],
|
||||
local.branch_teams_pf_sa_iam_emails,
|
||||
local.branch_gke_multitenant_sa_iam_emails
|
||||
)
|
||||
} : {}
|
||||
)
|
||||
|
|
|
@ -64,8 +64,8 @@ locals {
|
|||
{
|
||||
data-platform-dev = try(module.branch-dp-dev-folder.0.id, null)
|
||||
data-platform-prod = try(module.branch-dp-prod-folder.0.id, null)
|
||||
gke-multitenant-dev = module.branch-gke-multitenant-dev-folder.id
|
||||
gke-multitenant-prod = module.branch-gke-multitenant-prod-folder.id
|
||||
gke-multitenant-dev = module.branch-gke-dev-folder.id
|
||||
gke-multitenant-prod = module.branch-gke-prod-folder.id
|
||||
networking = module.branch-network-folder.id
|
||||
networking-dev = module.branch-network-dev-folder.id
|
||||
networking-prod = module.branch-network-prod-folder.id
|
||||
|
@ -98,15 +98,15 @@ locals {
|
|||
name = "security"
|
||||
sa = module.branch-security-sa.email
|
||||
})
|
||||
"03-gke-multitenant-dev" = templatefile(local._tpl_providers, {
|
||||
bucket = module.branch-gke-multitenant-dev-gcs.name
|
||||
name = "gke-multitenant-dev"
|
||||
sa = module.branch-gke-multitenant-dev-sa.email
|
||||
"03-gke-dev" = templatefile(local._tpl_providers, {
|
||||
bucket = module.branch-gke-dev-gcs.name
|
||||
name = "gke-dev"
|
||||
sa = module.branch-gke-dev-sa.email
|
||||
})
|
||||
"03-gke-multitenant-prod" = templatefile(local._tpl_providers, {
|
||||
bucket = module.branch-gke-multitenant-prod-gcs.name
|
||||
name = "gke-multitenant-prod"
|
||||
sa = module.branch-gke-multitenant-prod-sa.email
|
||||
"03-gke-prod" = templatefile(local._tpl_providers, {
|
||||
bucket = module.branch-gke-prod-gcs.name
|
||||
name = "gke-prod"
|
||||
sa = module.branch-gke-prod-sa.email
|
||||
})
|
||||
},
|
||||
!var.fast_features.data_platform ? {} : {
|
||||
|
@ -254,14 +254,14 @@ output "gke_multitenant" {
|
|||
description = "Data for the GKE multitenant stage."
|
||||
value = {
|
||||
"dev" = {
|
||||
folder = module.branch-gke-multitenant-dev-folder.id
|
||||
gcs_bucket = module.branch-gke-multitenant-dev-gcs.name
|
||||
service_account = module.branch-gke-multitenant-dev-sa.email
|
||||
folder = module.branch-gke-dev-folder.id
|
||||
gcs_bucket = module.branch-gke-dev-gcs.name
|
||||
service_account = module.branch-gke-dev-sa.email
|
||||
}
|
||||
"prod" = {
|
||||
folder = module.branch-gke-multitenant-prod-folder.id
|
||||
gcs_bucket = module.branch-gke-multitenant-prod-gcs.name
|
||||
service_account = module.branch-gke-multitenant-prod-sa.email
|
||||
folder = module.branch-gke-prod-folder.id
|
||||
gcs_bucket = module.branch-gke-prod-gcs.name
|
||||
service_account = module.branch-gke-prod-sa.email
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -128,12 +128,14 @@ variable "fast_features" {
|
|||
description = "Selective control for top-level FAST features."
|
||||
type = object({
|
||||
data_platform = bool
|
||||
gke = bool
|
||||
project_factory = bool
|
||||
sandbox = bool
|
||||
teams = bool
|
||||
})
|
||||
default = {
|
||||
data_platform = true
|
||||
gke = true
|
||||
project_factory = true
|
||||
sandbox = true
|
||||
teams = true
|
||||
|
|