zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/fast/stages/1-resman/main.tf

85 lines
2.6 KiB
HCL
Raw Blame History

/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
# convenience flags that express where billing account resides
automation_resman_sa = try(
data.google_client_openid_userinfo.provider_identity.0.email, null
)
automation_resman_sa_iam = (
local.automation_resman_sa == null
? []
: ["serviceAccount:${local.automation_resman_sa}"]
)
branch_optional_sa_lists = {
dp-dev = compact([try(module.branch-dp-dev-sa.0.iam_email, "")])
dp-prod = compact([try(module.branch-dp-prod-sa.0.iam_email, "")])
gke-dev = compact([try(module.branch-gke-dev-sa.0.iam_email, "")])
gke-prod = compact([try(module.branch-gke-prod-sa.0.iam_email, "")])
pf-dev = compact([try(module.branch-pf-dev-sa.0.iam_email, "")])
pf-prod = compact([try(module.branch-pf-prod-sa.0.iam_email, "")])
}
cicd_repositories = {
for k, v in coalesce(var.cicd_repositories, {}) : k => v
if(
v != null &&
(
try(v.type, null) == "sourcerepo"
||
contains(
keys(local.identity_providers),
coalesce(try(v.identity_provider, null), ":")
)
) &&
fileexists("${path.module}/templates/workflow-${try(v.type, "")}.yaml")
)
}
cicd_workflow_var_files = {
stage_2 = [
"0-bootstrap.auto.tfvars.json",
"1-resman.auto.tfvars.json",
"globals.auto.tfvars.json"
]
stage_3 = [
"0-bootstrap.auto.tfvars.json",
"1-resman.auto.tfvars.json",
"globals.auto.tfvars.json",
"2-networking.auto.tfvars.json",
"2-security.auto.tfvars.json"
]
}
custom_roles = coalesce(var.custom_roles, {})
gcs_storage_class = (
length(split("-", var.locations.gcs)) < 2
? "MULTI_REGIONAL"
: "REGIONAL"
)
groups = {
for k, v in var.groups :
k => "${v}@${var.organization.domain}"
}
groups_iam = {
for k, v in local.groups : k => v != null ? "group:${v}" : null
}
identity_providers = coalesce(
try(var.automation.federated_identity_providers, null), {}
)
}
data "google_client_openid_userinfo" "provider_identity" {
count = length(local.cicd_repositories) > 0 ? 1 : 0
}
Reference in New Issue View Git Blame Copy Permalink