FAST: add support for project parents to bootstrap stage (#799)
* FAST: add support for project parents to bootstrap stage

* change as per review comments
ludoo authored Sep 8, 2022
1 parent 1e62078 commit 6035dc1
Showing 6 changed files with 32 additions and 7 deletions.
1 change: 1 addition & 0 deletions fast/stages/00-bootstrap/README.md
Expand Up @@ -473,6 +473,7 @@ The remaining configuration is manual, as it regards the repositories themselves
| [iam_additive](variables.tf#L146) | Organization-level custom IAM settings in role => [principal] format for non-authoritative bindings. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> | |
| [log_sinks](variables.tf#L154) | Org-level log sinks, in name => {type, filter} format. | <code title="map&#40;object&#40;&#123;&#10; filter &#61; string&#10; type &#61; string&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code title="&#123;&#10; audit-logs &#61; &#123;&#10; filter &#61; &#34;logName:&#92;&#34;&#47;logs&#47;cloudaudit.googleapis.com&#37;2Factivity&#92;&#34; OR logName:&#92;&#34;&#47;logs&#47;cloudaudit.googleapis.com&#37;2Fsystem_event&#92;&#34;&#34;&#10; type &#61; &#34;bigquery&#34;&#10; &#125;&#10; vpc-sc &#61; &#123;&#10; filter &#61; &#34;protoPayload.metadata.&#64;type&#61;&#92;&#34;type.googleapis.com&#47;google.cloud.audit.VpcServiceControlAuditMetadata&#92;&#34;&#34;&#10; type &#61; &#34;bigquery&#34;&#10; &#125;&#10;&#125;">&#123;&#8230;&#125;</code> | |
| [outputs_location](variables.tf#L188) | Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable | <code>string</code> | | <code>null</code> | |
| [project_parent_ids](variables.tf#L204) | Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent. | <code title="object&#40;&#123;&#10; automation &#61; string&#10; billing &#61; string&#10; logging &#61; string&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; automation &#61; null&#10; billing &#61; null&#10; logging &#61; null&#10;&#125;">&#123;&#8230;&#125;</code> | |

## Outputs

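Review bot: the generated table row documents the `folders/nnnnnnn` format and the null fallback, but nothing in the README prose says what changing the value does to an already bootstrapped organization. With `parent` switched to `coalesce(...)` in automation.tf, billing.tf and log-export.tf, setting a folder on an existing deployment moves the three projects rather than creating new ones, which is why organization.tf now grants `roles/resourcemanager.projectMover`. Suggest a short paragraph in the stage README (not only this table row) stating that the target folders must already exist before apply, and that the identity running the stage must be allowed to create or move projects under them.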
6 changes: 4 additions & 2 deletions fast/stages/00-bootstrap/automation.tf
Expand Up @@ -20,8 +20,10 @@ module "automation-project" {
source = "../../../modules/project"
billing_account = var.billing_account.id
name = "iac-core-0"
parent = "organizations/${var.organization.id}"
prefix = local.prefix
parent = coalesce(
var.project_parent_ids.automation, "organizations/${var.organization.id}"
)
prefix = local.prefix
# human (groups) IAM bindings
group_iam = {
(local.groups.gcp-devops) = [
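Review bot: `coalesce(var.project_parent_ids.automation, "organizations/${var.organization.id}")` falls back to the organization for both `null` and `""`, because Terraform's `coalesce` skips empty strings as well as nulls; that is convenient here but deserves a comment, since a caller passing `""` gets the organization silently rather than an error. More importantly, on an existing deployment this expression changes `parent` of the `iac-core-0` project, so the first apply after setting a folder performs a project move. That apply is usually run by the bootstrap user referenced as `local._iam_bootstrap_user` in organization.tf rather than by the service account that receives `projectMover` there, so please document which identity needs move permissions for that first run.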
6 changes: 4 additions & 2 deletions fast/stages/00-bootstrap/billing.tf
Expand Up @@ -33,8 +33,10 @@ module "billing-export-project" {
count = local.billing_org ? 1 : 0
billing_account = var.billing_account.id
name = "billing-exp-0"
parent = "organizations/${var.organization.id}"
prefix = local.prefix
parent = coalesce(
var.project_parent_ids.billing, "organizations/${var.organization.id}"
)
prefix = local.prefix
iam = {
"roles/owner" = [module.automation-tf-bootstrap-sa.iam_email]
}
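Review bot: the `billing` key of `project_parent_ids` only takes effect when `local.billing_org` is true, because `count = local.billing_org ? 1 : 0` otherwise skips the billing export project entirely; a folder set for the non-org billing account case is silently ignored. Suggest saying so in the variable description (the README row only states that null values use the organization as parent), so operators do not expect a `billing-exp-0` project to appear under that folder when the billing account lives outside the organization.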
8 changes: 5 additions & 3 deletions fast/stages/00-bootstrap/log-export.tf
Expand Up @@ -21,9 +21,11 @@ locals {
}

module "log-export-project" {
source = "../../../modules/project"
name = "audit-logs-0"
parent = "organizations/${var.organization.id}"
source = "../../../modules/project"
name = "audit-logs-0"
parent = coalesce(
var.project_parent_ids.logging, "organizations/${var.organization.id}"
)
prefix = local.prefix
billing_account = var.billing_account.id
iam = {
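Review bot: moving `audit-logs-0` under a folder changes which IAM it inherits: every binding granted on the chosen folder, and on any folder above it, applies to the project that receives the org-level sinks configured through `log_sinks`. The README description of `project_parent_ids` should state that the `logging` parent must be a folder with tightly controlled IAM, separate from folders where workload teams hold broad roles, otherwise the audit log destination ends up readable or writable by principals the organization-level design never intended. Minor: the `source` and `name` lines are removed and re-added with identical content, presumably for re-alignment around the longer `parent` expression, which makes the hunk larger than the functional change.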
3 changes: 3 additions & 0 deletions fast/stages/00-bootstrap/organization.tf
Expand Up @@ -41,6 +41,9 @@ locals {
[module.automation-tf-bootstrap-sa.iam_email],
local._iam_bootstrap_user
)
"roles/resourcemanager.projectMover" = [
module.automation-tf-bootstrap-sa.iam_email
]
"roles/resourcemanager.tagAdmin" = [
module.automation-tf-resman-sa.iam_email
]
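Review bot: `roles/resourcemanager.projectMover` is granted here at organization level to the bootstrap service account, which lets that identity move any project in the organization between any folders, not just the three bootstrap projects this change parents. The grant is only needed when an existing deployment moves its projects into newly configured folders; a fresh deployment that creates the projects directly under a folder does not need it. Suggest a comment next to the binding explaining that purpose, and, since this locals map drives the stage's org-level role bindings, consider making the entry conditional on at least one non-null value in `var.project_parent_ids`, e.g. by merging it in only when `anytrue([for v in values(var.project_parent_ids) : v != null])`, so deployments that keep the organization as parent do not carry the extra capability on a long-lived automation identity.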
15 changes: 15 additions & 0 deletions fast/stages/00-bootstrap/variables.tf
Expand Up @@ -200,3 +200,18 @@ variable "prefix" {
error_message = "Use a maximum of 9 characters for prefix."
}
}

variable "project_parent_ids" {
description = "Optional parents for projects created here in folders/nnnnnnn format. Null values will use the organization as parent."
type = object({
automation = string
billing = string
logging = string
})
default = {
automation = null
billing = null
logging = null
}
nullable = false
}
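Review bot: the description promises the `folders/nnnnnnn` format but nothing enforces it; a bare numeric id or `folder/123` passes through `coalesce` unchanged and only fails at apply time, after the project modules in the other hunks have been planned against the wrong parent. Suggest a `validation` block on this variable, e.g. `condition = alltrue([for v in values(var.project_parent_ids) : v == null || can(regex("^folders/[0-9]+$", v))])` with an `error_message` that echoes the description. `nullable = false` on the object together with nullable string attributes is the right shape for the per-key null fallback; note however that, because the attributes are not declared `optional()`, any caller who sets this variable must supply all three keys even when they are null, and any key added to `type` later must also be added to `default`.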

0 comments on commit 6035dc1