zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix permissions and update NVA and peering net stages for gke

This commit is contained in:
Julio Castillo 2022-05-27 16:06:41 +02:00
parent 259afec97d
commit f9b808b4bc
11 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fast/stages/01-resman/branch-gke.tf
View File

@ -51,7 +51,7 @@ module "branch-gke-multitenant-prod-folder" {
module "branch-gke-multitenant-prod-sa" { module "branch-gke-multitenant-prod-sa" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = var.automation_project_id project_id = var.automation.project_id
name = "prod-resman-gke-0" name = "prod-resman-gke-0"
description = "Terraform gke multitenant prod service account." description = "Terraform gke multitenant prod service account."
prefix = var.prefix prefix = var.prefix
@ -63,7 +63,7 @@ module "branch-gke-multitenant-prod-sa" {
module "branch-gke-multitenant-prod-gcs" { module "branch-gke-multitenant-prod-gcs" {
source = "../../../modules/gcs" source = "../../../modules/gcs"
project_id = var.automation_project_id project_id = var.automation.project_id
name = "prod-resman-gke-0" name = "prod-resman-gke-0"
prefix = var.prefix prefix = var.prefix
versioning = true versioning = true
@ -92,7 +92,7 @@ module "branch-gke-multitenant-dev-folder" {
module "branch-gke-multitenant-dev-sa" { module "branch-gke-multitenant-dev-sa" {
source = "../../../modules/iam-service-account" source = "../../../modules/iam-service-account"
project_id = var.automation_project_id project_id = var.automation.project_id
name = "dev-resman-gke-0" name = "dev-resman-gke-0"
description = "Terraform gke multitenant dev service account." description = "Terraform gke multitenant dev service account."
prefix = var.prefix prefix = var.prefix
@ -104,7 +104,7 @@ module "branch-gke-multitenant-dev-sa" {
module "branch-gke-multitenant-dev-gcs" { module "branch-gke-multitenant-dev-gcs" {
source = "../../../modules/gcs" source = "../../../modules/gcs"
project_id = var.automation_project_id project_id = var.automation.project_id
name = "dev-resman-gke-0" name = "dev-resman-gke-0"
prefix = var.prefix prefix = var.prefix
versioning = true versioning = true

1
fast/stages/02-networking-nva/spoke-dev.tf
View File

@ -126,6 +126,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
members = [ members = [
local.service_accounts.data-platform-dev, local.service_accounts.data-platform-dev,
local.service_accounts.project-factory-dev, local.service_accounts.project-factory-dev,
local.service_accounts.gke-multitenant-dev,
] ]
condition { condition {
title = "dev_stage3_sa_delegated_grants" title = "dev_stage3_sa_delegated_grants"

1
fast/stages/02-networking-nva/spoke-prod.tf
View File

@ -126,6 +126,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
members = [ members = [
local.service_accounts.data-platform-prod, local.service_accounts.data-platform-prod,
local.service_accounts.project-factory-prod, local.service_accounts.project-factory-prod,
local.service_accounts.gke-multitenant-prod,
] ]
condition { condition {
title = "prod_stage3_sa_delegated_grants" title = "prod_stage3_sa_delegated_grants"

2
fast/stages/02-networking-nva/variables.tf
View File

@ -209,6 +209,8 @@ variable "service_accounts" {
type = object({ type = object({
data-platform-dev = string data-platform-dev = string
data-platform-prod = string data-platform-prod = string
gke-multitenant-dev = string
gke-multitenant-prod = string
project-factory-dev = string project-factory-dev = string
project-factory-prod = string project-factory-prod = string
}) })

1
fast/stages/02-networking-peering/spoke-dev.tf
View File

@ -103,6 +103,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
members = [ members = [
local.service_accounts.data-platform-dev, local.service_accounts.data-platform-dev,
local.service_accounts.project-factory-dev, local.service_accounts.project-factory-dev,
local.service_accounts.gke-multitenant-dev,
] ]
condition { condition {
title = "dev_stage3_sa_delegated_grants" title = "dev_stage3_sa_delegated_grants"

1
fast/stages/02-networking-peering/spoke-prod.tf
View File

@ -103,6 +103,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
members = [ members = [
local.service_accounts.data-platform-prod, local.service_accounts.data-platform-prod,
local.service_accounts.project-factory-prod, local.service_accounts.project-factory-prod,
local.service_accounts.gke-multitenant-prod,
] ]
condition { condition {
title = "prod_stage3_sa_delegated_grants" title = "prod_stage3_sa_delegated_grants"

2
fast/stages/02-networking-peering/variables.tf
View File

@ -187,6 +187,8 @@ variable "service_accounts" {
type = object({ type = object({
data-platform-dev = string data-platform-dev = string
data-platform-prod = string data-platform-prod = string
gke-multitenant-dev = string
gke-multitenant-prod = string
project-factory-dev = string project-factory-dev = string
project-factory-prod = string project-factory-prod = string
}) })

1
fast/stages/03-gke-multitenant/dev/gke-clusters.tf
View File

@ -44,6 +44,7 @@ module "gke-cluster" {
config_connector_config = true config_connector_config = true
kalm_config = false kalm_config = false
gcp_filestore_csi_driver_config = false gcp_filestore_csi_driver_config = false
gke_backup_agent_config = false
# enable only if enable_dataplane_v2 is changed to false below # enable only if enable_dataplane_v2 is changed to false below
network_policy_config = false network_policy_config = false
istio_config = { istio_config = {

2
tests/fast/stages/s02_networking_nva/fixture/main.tf
View File

@ -35,6 +35,8 @@ module "stage" {
service_accounts = { service_accounts = {
data-platform-dev = "string" data-platform-dev = "string"
data-platform-prod = "string" data-platform-prod = "string"
gke-multitenant-dev = "string"
gke-multitenant-prod = "string"
project-factory-dev = "string" project-factory-dev = "string"
project-factory-prod = "string" project-factory-prod = "string"
} }

2
tests/fast/stages/s02_networking_peering/fixture/main.tf
View File

@ -35,6 +35,8 @@ module "stage" {
service_accounts = { service_accounts = {
data-platform-dev = "string" data-platform-dev = "string"
data-platform-prod = "string" data-platform-prod = "string"
gke-multitenant-dev = "string"
gke-multitenant-prod = "string"
project-factory-dev = "string" project-factory-dev = "string"
project-factory-prod = "string" project-factory-prod = "string"
} }

6
tests/modules/gke_hub/test_plan.py
View File

@ -23,11 +23,11 @@ def resources(plan_runner):
def test_resource_count(resources): def test_resource_count(resources):
"Test number of resources created." "Test number of resources created."
assert len(resources) == 8 assert len(resources) == 6
assert sorted(r['address'] for r in resources) == [ assert sorted(r['address'] for r in resources) == [
'module.hub.google_gke_hub_feature.configmanagement["1"]', 'module.hub.google_gke_hub_feature.configmanagement["1"]',
'module.hub.google_gke_hub_feature.mci["mycluster1"]', # 'module.hub.google_gke_hub_feature.mci["mycluster1"]',
'module.hub.google_gke_hub_feature.mci["mycluster2"]', # 'module.hub.google_gke_hub_feature.mci["mycluster2"]',
'module.hub.google_gke_hub_feature.mcs["1"]', 'module.hub.google_gke_hub_feature.mcs["1"]',
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster1"]', 'module.hub.google_gke_hub_feature_membership.feature_member["mycluster1"]',
'module.hub.google_gke_hub_feature_membership.feature_member["mycluster2"]', 'module.hub.google_gke_hub_feature_membership.feature_member["mycluster2"]',