zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/modules/projects-data-source
History
Ludovico Magnocavallo 6941313c7d
Factories refactor (#1843) 
* factories refactor doc

* Adds file schema and filesystem organization

* Update 20231106-factories.md

* move factories out of blueprints and create new factories  README

* align factory in billing-account module

* align factory in dataplex-datascan module

* align factory in billing-account module

* align factory in net-firewall-policy module

* align factory in dns-response-policy module

* align factory in net-vpc-firewall module

* align factory in net-vpc module

* align factory variable names in FAST

* remove decentralized firewall blueprint

* bump terraform version

* bump module versions

* update top-level READMEs

* move project factory to modules

* fix variable names and tests

* tfdoc

* remove changelog link

* add project factory to top-level README

* fix cludrun eventarc diff

* fix README

* fix cludrun eventarc diff

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 		2024-02-26 10:16:52 +00:00
..
README.md Fixing some typos 2023-08-18 05:51:00 +00:00
main.tf TF formatting 2023-02-18 21:48:05 +01:00
outputs.tf feat: new version of projects-data-source based on AssetInventory ds 2023-02-18 21:36:51 +01:00
variables.tf Update variables.tf 2023-08-18 10:07:23 +02:00
versions.tf Factories refactor (#1843) 2024-02-26 10:16:52 +00:00

README.md

Projects Data Source Module

This module extends functionality of google_projects data source by retrieving all the projects under a specific parent recursively with only one API call against Cloud Asset Inventory service.

A good usage pattern would be when we want all the projects under a specific folder (including nested subfolders) to be included into VPC Service Controls. Instead of manually maintaining the list of project numbers as an input to the vpc-sc module we can use that module to retrieve all the project numbers dynamically.

IAM Permissions required

  • roles/cloudasset.viewer on the parent level or above

Examples

All projects in my org

module "my-org" {
  source     = "./fabric/modules/projects-data-source"
  parent     = "organizations/123456789"
}

output "project_numbers" {
  value = module.my-org.project_numbers
}

# tftest skip (uses data sources)

My dev projects based on parent and label

module "my-dev" {
  source = "./fabric/modules/projects-data-source"
  parent = "folders/123456789"
  query = "labels.env:DEV state:ACTIVE"
}

output "dev-projects" {
  value = module.my-dev.projects
}

# tftest skip (uses data sources)

Projects under org with folder/project exclusions

module "my-filtered" {
  source = "./fabric/modules/projects-data-source"
  parent     = "organizations/123456789"
  ignore_projects = [
    "sandbox-*",       # wildcard ignore
    "project-full-id", # specific project id
    "0123456789"       # specific project number
  ]

  include_projects = [
    "sandbox-114",  # include specific project which was excluded by wildcard
    "415216609246"  # include specific project which was excluded by wildcard (by project number)
  ]

  ignore_folders = [  # subfolders are ingoner as well
    "343991594985", 
    "437102807785",
    "345245235245"
  ]
  query = "state:ACTIVE"
}

output "filtered-projects" {
  value = module.my-filtered.projects
}

# tftest skip (uses data sources)

Variables

name description type required default
parent Parent folder or organization in 'folders/folder_id' or 'organizations/org_id' format. string
ignore_folders A list of folder IDs or numbers to be excluded from the output, all the subfolders and projects are excluded from the output regardless of the include_projects variable. list(string) []
ignore_projects A list of project IDs, numbers or prefixes to exclude matching projects from the module output. list(string) []
include_projects A list of project IDs/numbers to include to the output if some of them are excluded by ignore_projects wildcard entries. list(string) []
query A string query as defined in the Query Syntax. string "state:ACTIVE"

Outputs

name description sensitive
project_numbers List of project numbers.
projects List of projects in StandardResourceMetadata format.