History

Julio Castillo 1d13e3e624 Add more validations to linter - Ensure all variables and outputs are sorted - Ensure all variables and outputs have a description - Add data-solutions/data-platform-foundations to linter Fix all modules to follow these new conventions.		2021-10-08 18:26:04 +02:00
..
README.md	Make examples in READMEs runnable and testable	2020-11-07 10:28:33 +01:00
locals.tf	Update CI processes (#296 )	2021-08-12 17:30:53 +02:00
main.tf	Update copyright to 2021	2021-02-15 09:38:10 +01:00
outputs.tf	Add more validations to linter	2021-10-08 18:26:04 +02:00
variables.tf	Update copyright to 2021	2021-02-15 09:38:10 +01:00
versions.tf	Update copyright to 2021	2021-02-15 09:38:10 +01:00

README.md

Google Cloud Unit Folders Module

This module allows creation and management of an organizational hierarchy "unit" composed of a parent folder (usually mapped to a business unit or team), and a set of child folders (usually mapped to environments) each with a corresponding set of service accounts, IAM bindings and GCS buckets.

Example

module "folders-unit" {
  source                = "./modules/folders-unit"
  name                  = "Business Intelligence"
  short_name            = "bi"
  automation_project_id = "automation-project-394yr923811"
  billing_account_id    = "015617-16GHBC-AF02D9"
  organization_id       = "506128240800"
  root_node             = "folders/93469270123701"
  prefix                = "unique-prefix"
  environments          = {
    dev = "Development",
    test = "Testing",
    prod = "Production"
  }
  service_account_keys  = true
}
# tftest:modules=1:resources=37

Variables

name	description	type	required	default
automation_project_id	Project id used for automation service accounts.	`string`	✓
billing_account_id	Country billing account account.	`string`	✓
name	Top folder name.	`string`	✓
organization_id	Organization id in organizations/nnnnnn format.	`string`	✓
root_node	Root node in folders/folder_id or organizations/org_id format.	`string`	✓
short_name	Short name used as GCS bucket and service account prefixes, do not use capital letters or spaces.	`string`	✓
environments	Unit environments short names.	`map(string)`		`...`
gcs_defaults	Defaults use for the state GCS buckets.	`map(string)`		`...`
iam	IAM bindings for the top-level folder in {ROLE => [MEMBERS]} format.	`map(list(string))`		`{}`
iam_billing_config	Grant billing user role to service accounts, defaults to granting on the billing account.	`object({...})`		`...`
iam_enviroment_roles	IAM roles granted to the environment service account on the environment sub-folder.	`list(string)`		`...`
iam_xpn_config	Grant Shared VPC creation roles to service accounts, defaults to granting at folder level.	`object({...})`		`...`
prefix	Optional prefix used for GCS bucket names to ensure uniqueness.	`string`		`null`
service_account_keys	Generate and store service account keys in the state file.	`bool`		`false`

Outputs

name	description	sensitive
env_folders	Unit environments folders.
env_gcs_buckets	Unit environments tfstate gcs buckets.
env_sa_keys	Unit environments service account keys.	✓
env_service_accounts	Unit environments service accounts.
unit_folder	Unit top level folder.