moved blocks and fixes for FAST v33-v34 transition (#2541)

GoogleCloudPlatform · Aug 30, 2024 · 579c729 · 579c729
1 parent 80343fa
commit 579c729
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 84 deletions.
diff --git a/fast/stages/1-resman/README.md b/fast/stages/1-resman/README.md
diff --git a/fast/stages/1-resman/branch-nsec.tf b/fast/stages/1-resman/branch-nsec.tf
@@ -16,13 +16,25 @@
 
 # tfdoc:file:description Network security stage resources.
 
-# automation service account
+# TODO: remove in v35.0.0
 
 moved {
   from = module.branch-nsec-sa
   to   = module.branch-nsec-sa[0]
 }
 
+moved {
+  from = module.branch-nsec-r-sa
+  to   = module.branch-nsec-r-sa[0]
+}
+
+moved {
+  from = module.branch-nsec-gcs
+  to   = module.branch-nsec-gcs[0]
+}
+
+# automation service account
+
 module "branch-nsec-sa" {
   source                 = "../../../modules/iam-service-account"
   count                  = var.fast_features.nsec ? 1 : 0
@@ -46,11 +58,6 @@ module "branch-nsec-sa" {
 
 # automation read-only service account
 
-moved {
-  from = module.branch-nsec-r-sa
-  to   = module.branch-nsec-r-sa[0]
-}
-
 module "branch-nsec-r-sa" {
   source       = "../../../modules/iam-service-account"
   count        = var.fast_features.nsec ? 1 : 0
@@ -73,11 +80,6 @@ module "branch-nsec-r-sa" {
 
 # automation bucket
 
-moved {
-  from = module.branch-nsec-gcs
-  to   = module.branch-nsec-gcs[0]
-}
-
 module "branch-nsec-gcs" {
   source     = "../../../modules/gcs"
   count      = var.fast_features.nsec ? 1 : 0

diff --git a/fast/stages/1-resman/branch-project-factory.tf b/fast/stages/1-resman/branch-project-factory.tf
@@ -18,11 +18,6 @@
 
 # automation service accounts
 
-moved {
-  from = module.branch-pf-sa[0]
-  to   = module.branch-pf-sa
-}
-
 module "branch-pf-sa" {
   source       = "../../../modules/iam-service-account"
   project_id   = var.automation.project_id
@@ -42,11 +37,6 @@ module "branch-pf-sa" {
   }
 }
 
-moved {
-  from = module.branch-pf-dev-sa[0]
-  to   = module.branch-pf-dev-sa
-}
-
 module "branch-pf-dev-sa" {
   source       = "../../../modules/iam-service-account"
   project_id   = var.automation.project_id
@@ -66,11 +56,6 @@ module "branch-pf-dev-sa" {
   }
 }
 
-moved {
-  from = module.branch-pf-prod-sa[0]
-  to   = module.branch-pf-prod-sa
-}
-
 module "branch-pf-prod-sa" {
   source       = "../../../modules/iam-service-account"
   project_id   = var.automation.project_id
@@ -92,11 +77,6 @@ module "branch-pf-prod-sa" {
 
 # automation read-only service accounts
 
-moved {
-  from = module.branch-pf-r-sa[0]
-  to   = module.branch-pf-r-sa
-}
-
 module "branch-pf-r-sa" {
   source       = "../../../modules/iam-service-account"
   project_id   = var.automation.project_id
@@ -116,11 +96,6 @@ module "branch-pf-r-sa" {
   }
 }
 
-moved {
-  from = module.branch-pf-dev-r-sa[0]
-  to   = module.branch-pf-dev-r-sa
-}
-
 module "branch-pf-dev-r-sa" {
   source       = "../../../modules/iam-service-account"
   project_id   = var.automation.project_id
@@ -140,11 +115,6 @@ module "branch-pf-dev-r-sa" {
   }
 }
 
-moved {
-  from = module.branch-pf-prod-r-sa[0]
-  to   = module.branch-pf-prod-r-sa
-}
-
 module "branch-pf-prod-r-sa" {
   source       = "../../../modules/iam-service-account"
   project_id   = var.automation.project_id
@@ -166,11 +136,6 @@ module "branch-pf-prod-r-sa" {
 
 # automation buckets
 
-moved {
-  from = module.branch-pf-gcs[0]
-  to   = module.branch-pf-gcs
-}
-
 module "branch-pf-gcs" {
   source     = "../../../modules/gcs"
   project_id = var.automation.project_id
@@ -184,11 +149,6 @@ module "branch-pf-gcs" {
   }
 }
 
-moved {
-  from = module.branch-pf-dev-gcs[0]
-  to   = module.branch-pf-dev-gcs
-}
-
 module "branch-pf-dev-gcs" {
   source     = "../../../modules/gcs"
   project_id = var.automation.project_id
@@ -202,11 +162,6 @@ module "branch-pf-dev-gcs" {
   }
 }
 
-moved {
-  from = module.branch-pf-prod-gcs[0]
-  to   = module.branch-pf-prod-gcs
-}
-
 module "branch-pf-prod-gcs" {
   source     = "../../../modules/gcs"
   project_id = var.automation.project_id

diff --git a/fast/stages/1-resman/moved/v33.0.0-v34.0.0.tf b/fast/stages/1-resman/moved/v33.0.0-v34.0.0.tf
@@ -0,0 +1,61 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+moved {
+  from = module.branch-pf-sa[0]
+  to   = module.branch-pf-sa
+}
+
+moved {
+  from = module.branch-pf-dev-sa[0]
+  to   = module.branch-pf-dev-sa
+}
+
+moved {
+  from = module.branch-pf-prod-sa[0]
+  to   = module.branch-pf-prod-sa
+}
+
+moved {
+  from = module.branch-pf-r-sa[0]
+  to   = module.branch-pf-r-sa
+}
+
+moved {
+  from = module.branch-pf-dev-r-sa[0]
+  to   = module.branch-pf-dev-r-sa
+}
+
+moved {
+  from = module.branch-pf-prod-r-sa[0]
+  to   = module.branch-pf-prod-r-sa
+}
+
+moved {
+  from = module.branch-pf-gcs[0]
+  to   = module.branch-pf-gcs
+}
+
+moved {
+  from = module.branch-pf-dev-gcs[0]
+  to   = module.branch-pf-dev-gcs
+}
+
+moved {
+  from = module.branch-pf-prod-gcs[0]
+  to   = module.branch-pf-prod-gcs
+}
+
diff --git a/fast/stages/1-resman/variables-fast.tf b/fast/stages/1-resman/variables-fast.tf
@@ -54,13 +54,14 @@ variable "custom_roles" {
   # tfdoc:variable:source 0-bootstrap
   description = "Custom roles defined at the org level, in key => id format."
   type = object({
-    gcve_network_admin              = string
-    network_firewall_policies_admin = string
-    ngfw_enterprise_admin           = string
-    ngfw_enterprise_viewer          = string
-    organization_admin_viewer       = string
-    service_project_network_admin   = string
-    storage_viewer                  = string
+    gcve_network_admin               = string
+    network_firewall_policies_admin  = string
+    network_firewall_policies_viewer = string
+    ngfw_enterprise_admin            = string
+    ngfw_enterprise_viewer           = string
+    organization_admin_viewer        = string
+    service_project_network_admin    = string
+    storage_viewer                   = string
   })
   default = null
 }

diff --git a/tests/fast/stages/s1_resman/checklist.tfvars b/tests/fast/stages/s1_resman/checklist.tfvars
@@ -13,13 +13,14 @@ billing_account = {
 }
 custom_roles = {
   # organization_iam_admin = "organizations/123456789012/roles/organizationIamAdmin",
-  gcve_network_admin              = "organizations/123456789012/roles/gcveNetworkAdmin"
-  network_firewall_policies_admin = "organizations/123456789012/roles/networkFirewallPoliciesAdmin"
-  ngfw_enterprise_admin           = "organizations/123456789012/roles/ngfwEnterpriseAdmin"
-  ngfw_enterprise_viewer          = "organizations/123456789012/roles/ngfwEnterpriseViewer"
-  organization_admin_viewer       = "organizations/123456789012/roles/organizationAdminViewer"
-  service_project_network_admin   = "organizations/123456789012/roles/xpnServiceAdmin"
-  storage_viewer                  = "organizations/123456789012/roles/storageViewer"
+  gcve_network_admin               = "organizations/123456789012/roles/gcveNetworkAdmin"
+  network_firewall_policies_admin  = "organizations/123456789012/roles/networkFirewallPoliciesAdmin"
+  network_firewall_policies_viewer = "organizations/123456789012/roles/networkFirewallPoliciesViewer"
+  ngfw_enterprise_admin            = "organizations/123456789012/roles/ngfwEnterpriseAdmin"
+  ngfw_enterprise_viewer           = "organizations/123456789012/roles/ngfwEnterpriseViewer"
+  organization_admin_viewer        = "organizations/123456789012/roles/organizationAdminViewer"
+  service_project_network_admin    = "organizations/123456789012/roles/xpnServiceAdmin"
+  storage_viewer                   = "organizations/123456789012/roles/storageViewer"
 }
 factories_config = {
   checklist_data = "checklist-data.json"

diff --git a/tests/fast/stages/s1_resman/simple.tfvars b/tests/fast/stages/s1_resman/simple.tfvars
@@ -13,13 +13,14 @@ billing_account = {
 }
 custom_roles = {
   # organization_iam_admin = "organizations/123456789012/roles/organizationIamAdmin",
-  gcve_network_admin              = "organizations/123456789012/roles/gcveNetworkAdmin"
-  network_firewall_policies_admin = "organizations/123456789012/roles/networkFirewallPoliciesAdmin"
-  ngfw_enterprise_admin           = "organizations/123456789012/roles/ngfwEnterpriseAdmin"
-  ngfw_enterprise_viewer          = "organizations/123456789012/roles/ngfwEnterpriseViewer"
-  organization_admin_viewer       = "organizations/123456789012/roles/organizationAdminViewer"
-  service_project_network_admin   = "organizations/123456789012/roles/xpnServiceAdmin"
-  storage_viewer                  = "organizations/123456789012/roles/storageViewer"
+  gcve_network_admin               = "organizations/123456789012/roles/gcveNetworkAdmin"
+  network_firewall_policies_admin  = "organizations/123456789012/roles/networkFirewallPoliciesAdmin"
+  network_firewall_policies_viewer = "organizations/123456789012/roles/networkFirewallPoliciesViewer"
+  ngfw_enterprise_admin            = "organizations/123456789012/roles/ngfwEnterpriseAdmin"
+  ngfw_enterprise_viewer           = "organizations/123456789012/roles/ngfwEnterpriseViewer"
+  organization_admin_viewer        = "organizations/123456789012/roles/organizationAdminViewer"
+  service_project_network_admin    = "organizations/123456789012/roles/xpnServiceAdmin"
+  storage_viewer                   = "organizations/123456789012/roles/storageViewer"
 }
 groups = {
   gcp-billing-admins      = "gcp-billing-admins",