Merge branch 'master' into hub-and-spoke-vpns-tests

Aleksandr Averbukh 2019-11-04 21:16:51 +01:00
commit f5a358930d
8 changed files with 38 additions and 83 deletions


@ -39,7 +39,7 @@ module "shared-folder" {
module "project-tf" { module "project-tf" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = module.shared-folder.id parent = module.shared-folder.id
billing_account = var.billing_account_id billing_account = var.billing_account_id
prefix = var.prefix prefix = var.prefix
@ -53,7 +53,7 @@ module "project-tf" {
module "service-accounts-tf-environments" { module "service-accounts-tf-environments" {
source = "terraform-google-modules/service-accounts/google" source = "terraform-google-modules/service-accounts/google"
version = "2.0.0" version = "2.0.1"
project_id = module.project-tf.project_id project_id = module.project-tf.project_id
org_id = var.organization_id org_id = var.organization_id
billing_account_id = var.billing_account_id billing_account_id = var.billing_account_id
@ -98,7 +98,6 @@ module "gcs-tf-environments" {
module "business-unit-1-folders" { module "business-unit-1-folders" {
source = "./modules/business-unit-folders" source = "./modules/business-unit-folders"
business_unit_folder_name = var.business_unit_1_name business_unit_folder_name = var.business_unit_1_name
environments = var.environments environments = var.environments
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
@ -110,7 +109,6 @@ module "business-unit-1-folders" {
module "business-unit-2-folders" { module "business-unit-2-folders" {
source = "./modules/business-unit-folders" source = "./modules/business-unit-folders"
business_unit_folder_name = var.business_unit_2_name business_unit_folder_name = var.business_unit_2_name
environments = var.environments environments = var.environments
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
@ -122,7 +120,6 @@ module "business-unit-2-folders" {
module "business-unit-3-folders" { module "business-unit-3-folders" {
source = "./modules/business-unit-folders" source = "./modules/business-unit-folders"
business_unit_folder_name = var.business_unit_3_name business_unit_folder_name = var.business_unit_3_name
environments = var.environments environments = var.environments
per_folder_admins = module.service-accounts-tf-environments.iam_emails_list per_folder_admins = module.service-accounts-tf-environments.iam_emails_list
@ -138,21 +135,23 @@ module "business-unit-3-folders" {
module "project-audit" { module "project-audit" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = module.shared-folder.id parent = module.shared-folder.id
billing_account = var.billing_account_id billing_account = var.billing_account_id
prefix = var.prefix prefix = var.prefix
name = "audit" name = "audit"
lien_reason = "audit" lien_reason = "audit"
activate_apis = var.project_services
viewers = var.audit_viewers viewers = var.audit_viewers
activate_apis = concat(var.project_services, [
"bigquery.googleapis.com",
])
} }
# Audit logs destination on BigQuery # Audit logs destination on BigQuery
module "bq-audit-export" { module "bq-audit-export" {
source = "terraform-google-modules/log-export/google//modules/bigquery" source = "terraform-google-modules/log-export/google//modules/bigquery"
version = "3.0.0" version = "3.1.0"
project_id = module.project-audit.project_id project_id = module.project-audit.project_id
dataset_name = "${replace(local.log_sink_name, "-", "_")}" dataset_name = "${replace(local.log_sink_name, "-", "_")}"
log_sink_writer_identity = module.log-sink-audit.writer_identity log_sink_writer_identity = module.log-sink-audit.writer_identity
@ -162,7 +161,7 @@ module "bq-audit-export" {
module "log-sink-audit" { module "log-sink-audit" {
source = "terraform-google-modules/log-export/google" source = "terraform-google-modules/log-export/google"
version = "3.0.0" version = "3.1.0"
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
log_sink_name = local.log_sink_name log_sink_name = local.log_sink_name
parent_resource_type = local.log_sink_parent_resource_type parent_resource_type = local.log_sink_parent_resource_type
@ -180,7 +179,7 @@ module "log-sink-audit" {
module "project-shared-resources" { module "project-shared-resources" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = module.shared-folder.id parent = module.shared-folder.id
billing_account = var.billing_account_id billing_account = var.billing_account_id
prefix = var.prefix prefix = var.prefix
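Review bot: In `project-audit`, `concat(var.project_services, ["bigquery.googleapis.com"])` yields the same API twice if a caller's `project_services` override already lists it, and whether the module tolerates duplicate entries is not visible here. Writing it as `activate_apis = distinct(concat(var.project_services, ["bigquery.googleapis.com"]))` removes that dependency on the override; the same applies to the other `project-audit` block later on this page and to the `concat(` in `project-svpc-host`. A one-line comment such as `# BigQuery API is presumably needed by the bq-audit-export dataset in this project` would explain why this project differs from the default. Separately, the fabric-project pin moves from 3.3.1 to 5.0.0, two major versions, so the module changelog is worth checking for changed IAM and API-activation defaults before this is applied to existing state.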


@ -86,23 +86,7 @@ variable "terraform_owners" {
variable "project_services" { variable "project_services" {
description = "Service APIs enabled by default in new projects." description = "Service APIs enabled by default in new projects."
default = [ default = [
"bigquery-json.googleapis.com",
"bigquerystorage.googleapis.com",
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"compute.googleapis.com",
"container.googleapis.com",
"containerregistry.googleapis.com",
"deploymentmanager.googleapis.com",
"iam.googleapis.com",
"iamcredentials.googleapis.com",
"logging.googleapis.com",
"oslogin.googleapis.com",
"pubsub.googleapis.com",
"replicapool.googleapis.com",
"replicapoolupdater.googleapis.com",
"resourceviews.googleapis.com", "resourceviews.googleapis.com",
"serviceusage.googleapis.com", "stackdriver.googleapis.com",
"storage-api.googleapis.com",
] ]
} }
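Review bot: Shrinking the `project_services` default to two entries means that a deployment which already applied the old default will plan the removal of the `google_project_service` resources for every dropped API (compute, container, iam, logging and the rest). Whether that removal actually disables the APIs depends on the module's disable-on-destroy behaviour, which is not visible here, so the plan output should be reviewed before applying. The same list is cut down in the two other `project_services` variable sections on this page. The block also shows no `type`; adding `type = list(string)` would reject a malformed override early.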


@ -20,7 +20,7 @@
module "project-tf" { module "project-tf" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = var.root_node parent = var.root_node
billing_account = var.billing_account_id billing_account = var.billing_account_id
prefix = var.prefix prefix = var.prefix
@ -34,7 +34,7 @@ module "project-tf" {
module "service-accounts-tf-environments" { module "service-accounts-tf-environments" {
source = "terraform-google-modules/service-accounts/google" source = "terraform-google-modules/service-accounts/google"
version = "2.0.0" version = "2.0.1"
project_id = module.project-tf.project_id project_id = module.project-tf.project_id
org_id = var.organization_id org_id = var.organization_id
billing_account_id = var.billing_account_id billing_account_id = var.billing_account_id
@ -102,13 +102,15 @@ module "folders-top-level" {
module "project-audit" { module "project-audit" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = var.root_node parent = var.root_node
billing_account = var.billing_account_id billing_account = var.billing_account_id
prefix = var.prefix prefix = var.prefix
name = "audit" name = "audit"
lien_reason = "audit" lien_reason = "audit"
activate_apis = var.project_services activate_apis = concat(var.project_services, [
"bigquery.googleapis.com",
])
viewers = var.audit_viewers viewers = var.audit_viewers
} }
@ -116,7 +118,7 @@ module "project-audit" {
module "bq-audit-export" { module "bq-audit-export" {
source = "terraform-google-modules/log-export/google//modules/bigquery" source = "terraform-google-modules/log-export/google//modules/bigquery"
version = "3.0.0" version = "3.1.0"
project_id = module.project-audit.project_id project_id = module.project-audit.project_id
dataset_name = "logs_audit_${replace(var.environments[0], "-", "_")}" dataset_name = "logs_audit_${replace(var.environments[0], "-", "_")}"
log_sink_writer_identity = module.log-sink-audit.writer_identity log_sink_writer_identity = module.log-sink-audit.writer_identity
@ -127,7 +129,7 @@ module "bq-audit-export" {
module "log-sink-audit" { module "log-sink-audit" {
source = "terraform-google-modules/log-export/google" source = "terraform-google-modules/log-export/google"
version = "3.0.0" version = "3.1.0"
filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\"" filter = "logName: \"/logs/cloudaudit.googleapis.com%2Factivity\" OR logName: \"/logs/cloudaudit.googleapis.com%2Fsystem_event\""
log_sink_name = "logs-audit-${var.environments[0]}" log_sink_name = "logs-audit-${var.environments[0]}"
parent_resource_type = "folder" parent_resource_type = "folder"
@ -146,7 +148,7 @@ module "log-sink-audit" {
module "project-shared-resources" { module "project-shared-resources" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = var.root_node parent = var.root_node
billing_account = var.billing_account_id billing_account = var.billing_account_id
prefix = var.prefix prefix = var.prefix


@ -81,23 +81,7 @@ variable "terraform_owners" {
variable "project_services" { variable "project_services" {
description = "Service APIs enabled by default in new projects." description = "Service APIs enabled by default in new projects."
default = [ default = [
"bigquery-json.googleapis.com",
"bigquerystorage.googleapis.com",
"cloudbilling.googleapis.com",
"cloudresourcemanager.googleapis.com",
"compute.googleapis.com",
"container.googleapis.com",
"containerregistry.googleapis.com",
"deploymentmanager.googleapis.com",
"iam.googleapis.com",
"iamcredentials.googleapis.com",
"logging.googleapis.com",
"oslogin.googleapis.com",
"pubsub.googleapis.com",
"replicapool.googleapis.com",
"replicapoolupdater.googleapis.com",
"resourceviews.googleapis.com", "resourceviews.googleapis.com",
"serviceusage.googleapis.com", "stackdriver.googleapis.com",
"storage-api.googleapis.com",
] ]
} }


@ -20,20 +20,23 @@
module "project-svpc-host" { module "project-svpc-host" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = var.root_node parent = var.root_node
prefix = var.prefix prefix = var.prefix
name = "vpc-host" name = "vpc-host"
billing_account = var.billing_account_id billing_account = var.billing_account_id
owners = var.owners_host owners = var.owners_host
activate_apis = var.project_services activate_apis = concat(
var.project_services,
["dns.googleapis.com", "cloudkms.googleapis.com"]
)
} }
# service projects # service projects
module "project-service-gce" { module "project-service-gce" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = var.root_node parent = var.root_node
prefix = var.prefix prefix = var.prefix
name = "gce" name = "gce"
@ -47,7 +50,7 @@ module "project-service-gce" {
module "project-service-gke" { module "project-service-gke" {
source = "terraform-google-modules/project-factory/google//modules/fabric-project" source = "terraform-google-modules/project-factory/google//modules/fabric-project"
version = "3.3.1" version = "5.0.0"
parent = var.root_node parent = var.root_node
prefix = var.prefix prefix = var.prefix
name = "gke" name = "gke"
@ -105,7 +108,8 @@ module "net-svpc-access" {
host_project_id = module.project-svpc-host.project_id host_project_id = module.project-svpc-host.project_id
service_project_num = 2 service_project_num = 2
service_project_ids = [ service_project_ids = [
module.project-service-gce.project_id, module.project-service-gke.project_id module.project-service-gce.project_id,
module.project-service-gke.project_id
] ]
host_subnets = ["gce", "gke"] host_subnets = ["gce", "gke"]
host_subnet_regions = compact([ host_subnet_regions = compact([
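Review bot: `project-svpc-host` now appends only `dns.googleapis.com` and `cloudkms.googleapis.com`, while the variables change on this page appears to drop `compute.googleapis.com` and `container.googleapis.com` from the `project_services` default. If the Shared VPC host and the gce/gke service projects rely on those APIs, they need to be listed explicitly or be provided by the module itself; the `project-service-gce` and `project-service-gke` blocks continue outside the hunks, so this cannot be confirmed from here. A short comment above the `concat(` call naming the resources that need DNS and KMS in the host project would make the extra APIs easier to audit later.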


@ -107,25 +107,7 @@ variable "subnet_secondary_ranges" {
variable "project_services" { variable "project_services" {
description = "Service APIs enabled by default in new projects." description = "Service APIs enabled by default in new projects."
default = [ default = [
"bigquery-json.googleapis.com",
"bigquerystorage.googleapis.com",
"cloudbilling.googleapis.com",
"cloudkms.googleapis.com",
"cloudresourcemanager.googleapis.com",
"compute.googleapis.com",
"container.googleapis.com",
"containerregistry.googleapis.com",
"deploymentmanager.googleapis.com",
"dns.googleapis.com",
"iam.googleapis.com",
"iamcredentials.googleapis.com",
"logging.googleapis.com",
"oslogin.googleapis.com",
"pubsub.googleapis.com",
"replicapool.googleapis.com",
"replicapoolupdater.googleapis.com",
"resourceviews.googleapis.com", "resourceviews.googleapis.com",
"serviceusage.googleapis.com", "stackdriver.googleapis.com",
"storage-api.googleapis.com",
] ]
} }


@ -41,6 +41,6 @@ def test_project_services(plan, project_modules):
"Project service resource must enable APIs specified in the variable." "Project service resource must enable APIs specified in the variable."
num_services = len(plan.variables['project_services']) num_services = len(plan.variables['project_services'])
for mod in project_modules.values(): for mod in project_modules.values():
project_services = [r for r in mod.child_modules['module.project_services'].resources if r.startswith( project_services = [r for r in mod.resources if r.startswith(
'google_project_service.project_services')] 'google_project_service.project_services')]
assert len(project_services) == num_services assert len(project_services) >= num_services
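Review bot: With `>=`, `test_project_services` accepts any plan that has at least as many `google_project_service.project_services` resources as the variable has entries, so a project module that enables extra or different APIs still passes. The earlier `==` was also only a count, but it did catch unexpected additions. Comparing names rather than counts would keep the test useful as a guard on which APIs get enabled, for example by asserting that every entry of `plan.variables['project_services']` appears among the matched resources; how the service name is exposed on a resource is not visible in this hunk. The same relaxation is made in the second test section below, and the `def` line of the function sits outside the hunk.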


@ -39,6 +39,6 @@ def test_project_services(plan, project_modules):
"Project service resource must enable APIs specified in the variable." "Project service resource must enable APIs specified in the variable."
num_services = len(plan.variables['project_services']) num_services = len(plan.variables['project_services'])
for mod in project_modules.values(): for mod in project_modules.values():
project_services = [r for r in mod.child_modules['module.project_services'].resources if r.startswith( project_services = [r for r in mod.resources if r.startswith(
'google_project_service.project_services')] 'google_project_service.project_services')]
assert len(project_services) == num_services assert len(project_services) >= num_services