819894d2ba
* IAM modules refactor proposal * policy * subheading * Update 20230816-iam-refactor.md * log Julio's +1 * data-catalog-policy-tag * dataproc * dataproc * folder * folder * folder * folder * project * better filtering in test examples * project * folder * folder * organization * fix variable descriptions * kms * net-vpc * dataplex-datascan * modules/iam-service-account * modules/source-repository/ * blueprints/cloud-operations/vm-migration/ * blueprints/third-party-solutions/wordpress * dataplex-datascan * blueprints/cloud-operations/workload-identity-federation * blueprints/data-solutions/cloudsql-multiregion/ * blueprints/data-solutions/composer-2 * Update 20230816-iam-refactor.md * Update 20230816-iam-refactor.md * capture discussion in architectural doc * update variable names and refactor proposal * project * blueprints first round * folder * organization * data-catalog-policy-tag * re-enable folder inventory * project module style fix * dataproc * source-repository * source-repository tests * dataplex-datascan * dataplex-datascan tests * net-vpc * net-vpc test examples * iam-service-account * iam-service-account test examples * kms * boilerplate * tfdoc * fix module tests * more blueprint fixes * fix typo in data blueprints * incomplete refactor of data platform foundations * tfdoc * data platform foundation * refactor data platform foundation iam locals * remove redundant example test * shielded folder fix * fix typo * project factory * project factory outputs * tfdoc * test workflow: less verbose tests, fix tf version * re-enable -vv, shorter traceback, fix action version * ignore github extension warning, re-enable action version * fast bootstrap IAM, untested * bootstrap stage IAM fixes * stage 0 tests * fast stage 1 * tenant stage 1 * minor changes to fast stage 0 and 1 * fast security stage * fast mt stage 0 * fast mt stage 0 * fast pf |
||
---|---|---|
.. | ||
README.md | ||
backend.tf.sample | ||
diagram.png | ||
main.tf | ||
outputs.tf | ||
variables.tf |
README.md
M4CE(v5) - Host and Target Projects
This blueprint creates a Migrate for Compute Engine (v5) environment deployed on an host project with multiple target projects.
The blueprint is designed to implement a M4CE (v5) environment on-top of complex migration landing environments where VMs have to be migrated to multiple target projects. It also includes the IAM wiring needed to make such scenarios work.
This is the high level diagram:
Managed resources and services
This sample creates\updates several distinct groups of resources:
- projects
- Deploy M4CE host project with required services on a new or existing project.
- M4CE target project prerequisites deployed on existing projects.
- IAM
- Create a service account used at runtime by the M4CE connector for data replication
- Grant migration admin roles to provided user or group
- Grant migration viewer role to provided user or group
Variables
name | description | type | required | default |
---|---|---|---|---|
migration_admin | User or group who can create a new M4CE sources and perform all other migration operations, in IAM format (group:foo@example.com ). |
string |
✓ | |
migration_target_projects | List of target projects for m4ce workload migrations. | list(string) |
✓ | |
migration_viewer | User or group authorized to retrieve information about M4CE in the Google Cloud Console, in IAM format (group:foo@example.com ). |
string |
null |
|
project_create | Parameters for the creation of the new project to host the M4CE backend. | object({…}) |
null |
|
project_name | Name of an existing project or of the new project assigned as M4CE host project. | string |
"m4ce-host-project-000" |
Outputs
name | description | sensitive |
---|---|---|
m4ce_gmanaged_service_account | Google managed service account created automatically during the migrate connector registration.. It is used by M4CE to perform activities on target projects. |
Test
module "test" {
source = "./fabric/blueprints/cloud-operations/vm-migration/host-target-projects"
project_create = {
billing_account_id = "1234-ABCD-1234"
parent = "folders/1234563"
}
migration_admin = "user:admin@example.com"
migration_viewer = "user:viewer@example.com"
migration_target_projects = [module.test-target-project.name]
depends_on = [
module.test-target-project
]
}
module "test-target-project" {
source = "./fabric/modules/project"
billing_account = "1234-ABCD-1234"
name = "test-target-project"
project_create = true
}
# tftest modules=5 resources=24