History

Ludovico Magnocavallo 409407ae7d Refactor the onprem module (#55 ) * move onprem to cos-container * compute-vm: fix external addresses output * folders-unit: update README * update onprem module, add new fields to cos-container test instance * coredns: process corefile as a template * onprem: fixes * modules/cos-container: rename to cloud-config-container infra/onprem: remove test output * Update README.md * update CHANGELOG for v1.1.0 * fix cloud config modules tests * Update main.tf * add container nginx module		2020-04-06 16:27:13 +02:00
..
README.md	Refactor the onprem module (#55 )	2020-04-06 16:27:13 +02:00
locals.tf	Merge development branch (#44 )	2020-04-03 14:06:48 +02:00
main.tf	Merge development branch (#44 )	2020-04-03 14:06:48 +02:00
outputs.tf	Merge development branch (#44 )	2020-04-03 14:06:48 +02:00
variables.tf	Merge development branch (#44 )	2020-04-03 14:06:48 +02:00
versions.tf	Merge development branch (#44 )	2020-04-03 14:06:48 +02:00

README.md

Google Cloud Unit Folders Module

This module allows creation and management of an organizational hierarchy "unit" composed of a parent folder (usually mapped to a business unit or team), and a set of child folders (usually mapped to environments) each with a corresponding set of service accounts, IAM bindings and GCS buckets.

Example

module "folders-unit" {
  source                = "./modules/folders-unit"
  name                  = "Business Intelligence"
  short_name            = "bi"
  automation_project_id = "automation-project-394yr923811"
  billing_account_id    = "015617-16GHBC-AF02D9"
  organization_id       = "506128240800"
  root_node             = "folders/93469270123701"
  prefix                = "unique-prefix"
  environments          = {
    dev = "Development",
    test = "Testing",
    prod = "Production"
  }
  service_account_keys  = true
}

Variables

name	description	type	required	default
automation_project_id	Project id used for automation service accounts.	`string`	✓
billing_account_id	Country billing account account.	`string`	✓
name	Top folder name.	`string`	✓
organization_id	Organization id in organizations/nnnnnn format.	`string`	✓
root_node	Root node in folders/folder_id or organizations/org_id format.	`string`	✓
short_name	Short name used as GCS bucket and service account prefixes, do not use capital letters or spaces.	`string`	✓
environments	Unit environments short names.	`map(string)`		`...`
gcs_defaults	Defaults use for the state GCS buckets.	`map(string)`		`...`
iam_billing_config	Grant billing user role to service accounts, defaults to granting on the billing account.	`object({...})`		`...`
iam_enviroment_roles	IAM roles granted to the environment service account on the environment sub-folder.	`list(string)`		`...`
iam_members	IAM members for roles applied on the unit folder.	`map(list(string))`		`null`
iam_roles	IAM roles applied on the unit folder.	`list(string)`		`null`
iam_xpn_config	Grant Shared VPC creation roles to service accounts, defaults to granting at folder level.	`object({...})`		`...`
prefix	Optional prefix used for GCS bucket names to ensure uniqueness.	`string`		`null`
service_account_keys	Generate and store service account keys in the state file.	`bool`		`false`

Outputs

name	description	sensitive
env_folders	Unit environments folders.
env_gcs_buckets	Unit environments tfstate gcs buckets.
env_sa_keys	Unit environments service account keys.	✓
env_service_accounts	Unit environments service accounts.
unit_folder	Unit top level folder.