cloud-foundation-fabric/modules/folders-unit
Julio Castillo cf423998f0 Align tftest syntax with tdoc
This commit changes the token separator for inline examples from a
semicolon to a space
2022-01-28 21:34:15 +01:00
README.md Align tftest syntax with tdoc 2022-01-28 21:34:15 +01:00
locals.tf Copyright bump (#410) 2022-01-01 15:52:31 +01:00
main.tf Copyright bump (#410) 2022-01-01 15:52:31 +01:00
outputs.tf Copyright bump (#410) 2022-01-01 15:52:31 +01:00
variables.tf Copyright bump (#410) 2022-01-01 15:52:31 +01:00
versions.tf Copyright bump (#410) 2022-01-01 15:52:31 +01:00

README.md

Google Cloud Unit Folders Module

This module allows creation and management of an organizational hierarchy "unit" composed of a parent folder (usually mapped to a business unit or team), and a set of child folders (usually mapped to environments) each with a corresponding set of service accounts, IAM bindings and GCS buckets.

Example

module "folders-unit" {
  source                = "./modules/folders-unit"
  name                  = "Business Intelligence"
  short_name            = "bi"
  automation_project_id = "automation-project-394yr923811"
  billing_account_id    = "015617-16GHBC-AF02D9"
  organization_id       = "506128240800"
  root_node             = "folders/93469270123701"
  prefix                = "unique-prefix"
  environments          = {
    dev = "Development",
    test = "Testing",
    prod = "Production"
  }
  service_account_keys  = true
}
# tftest modules=1 resources=37

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| automation_project_id | Project id used for automation service accounts. | string | ✓ | |
| billing_account_id | Country billing account. | string | ✓ | |
| name | Top folder name. | string | ✓ | |
| organization_id | Organization id in organizations/nnnnnn format. | string | ✓ | |
| root_node | Root node in folders/folder_id or organizations/org_id format. | string | ✓ | |
| short_name | Short name used as GCS bucket and service account prefixes, do not use capital letters or spaces. | string | ✓ | |
| environments | Unit environments short names. | map(string) | | {…} |
| gcs_defaults | Defaults used for the state GCS buckets. | map(string) | | {…} |
| iam | IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} |
| iam_billing_config | Grant billing user role to service accounts, defaults to granting on the billing account. | object({…}) | | {…} |
| iam_enviroment_roles | IAM roles granted to the environment service account on the environment sub-folder. | list(string) | | […] |
| iam_xpn_config | Grant Shared VPC creation roles to service accounts, defaults to granting at folder level. | object({…}) | | {…} |
| prefix | Optional prefix used for GCS bucket names to ensure uniqueness. | string | | null |
| service_account_keys | Generate and store service account keys in the state file. | bool | | false |

Outputs

| name | description | sensitive |
|---|---|---|
| env_folders | Unit environments folders. | |
| env_gcs_buckets | Unit environments tfstate gcs buckets. | |
| env_sa_keys | Unit environments service account keys. | |
| env_service_accounts | Unit environments service accounts. | |
| unit_folder | Unit top level folder. | |
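Because `service_account_keys = true` stores service account keys in the state file, anyone who can read the state bucket can read those keys. The following check is an added example, not part of this module or repository: it scans a Terraform state document (JSON, format version 4) for managed `google_service_account_key` resources that carry private key material. The sample state, the resource names in it and the key values are constructed placeholders.

```python
import json

# Constructed Terraform state (format version 4), trimmed to the fields the check reads.
# Resource names and key material are placeholders, not taken from the module.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"module": "module.folders-unit", "mode": "managed",
         "type": "google_service_account", "name": "environment",
         "instances": [{"index_key": "dev",
                        "attributes": {"email": "bi-dev@example.iam.gserviceaccount.com"}}]},
        {"module": "module.folders-unit", "mode": "managed",
         "type": "google_service_account_key", "name": "keys",
         "instances": [
             {"index_key": "dev", "attributes": {"private_key": "PLACEHOLDER-BASE64"}},
             {"index_key": "prod", "attributes": {"private_key": "PLACEHOLDER-BASE64"}}]},
        # Data sources only expose the public key and are skipped by the check.
        {"mode": "data", "type": "google_service_account_key", "name": "lookup",
         "instances": [{"attributes": {"public_key": "PLACEHOLDER"}}]},
    ],
})


def find_state_keys(state_text):
    """Return addresses of managed service account keys whose private key is in the state."""
    state = json.loads(state_text)
    if state.get("version") != 4:
        raise ValueError("unsupported state format version: %r" % state.get("version"))
    found = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "google_service_account_key":
            continue
        base = "%s.%s" % (res["type"], res["name"])
        if res.get("module"):
            base = "%s.%s" % (res["module"], base)
        for inst in res.get("instances", []):
            if not inst.get("attributes", {}).get("private_key"):
                continue
            key = inst.get("index_key")  # set for for_each / count instances
            found.append(base if key is None else "%s[%s]" % (base, json.dumps(key)))
    return found


if __name__ == "__main__":
    for address in find_state_keys(SAMPLE_STATE):
        print("private key material in state:", address)
```

An empty result for a unit's state means no key material is held there; any address returned identifies a key to rotate if access to the state bucket is wider than intended.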