Skip to content

Commit

Permalink
Fix outputs and set privder to network-security-providers.tf
Browse files Browse the repository at this point in the history
  • Loading branch information
Luca Prete committed Aug 8, 2024
1 parent e5ce1fb commit 8d5398b
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 15 deletions.
4 changes: 2 additions & 2 deletions fast/stage-links.sh
Original file line number Diff line number Diff line change
Expand Up @@ -90,13 +90,13 @@ case $STAGE_NAME in
"3-network-security"*)
if [[ -z "$TENANT" ]]; then
echo "# if this is a tenant stage, set a \$TENANT variable with the tenant shortname and run the command again"
PROVIDER="providers/3-nsec-providers.tf"
PROVIDER="providers/3-network-security-providers.tf"
TFVARS="tfvars/0-bootstrap.auto.tfvars.json
tfvars/1-resman.auto.tfvars.json
tfvars/2-networking.auto.tfvars.json"
else
unset GLOBALS
PROVIDER="tenants/$TENANT/providers/3-nsec-providers.tf"
PROVIDER="tenants/$TENANT/providers/3-network-security-providers.tf"
TFVARS="tenants/$TENANT/tfvars/0-bootstrap-tenant.auto.tfvars.json
tenants/$TENANT/tfvars/1-resman.auto.tfvars.json
tenants/$TENANT/tfvars/2-networking.auto.tfvars.json"
Expand Down
2 changes: 1 addition & 1 deletion fast/stages/1-resman/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -294,7 +294,7 @@ A full reference of IAM roles managed by this stage [is available here](./IAM.md
| [gke_multitenant](outputs.tf#L458) | Data for the GKE multitenant stage. | | <code>03-gke-multitenant</code> |
| [networking](outputs.tf#L479) | Data for the networking stage. | | |
| [project_factories](outputs.tf#L488) | Data for the project factories stage. | | |
| [providers](outputs.tf#L507) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>03-nsec</code> |
| [providers](outputs.tf#L507) | Terraform provider files for this stage and dependent stages. | ✓ | <code>02-networking</code> · <code>02-security</code> · <code>03-dataplatform</code> · <code>03-network-security</code> |
| [sandbox](outputs.tf#L514) | Data for the sandbox stage. | | <code>xx-sandbox</code> |
| [security](outputs.tf#L528) | Data for the networking stage. | | <code>02-security</code> |
| [tfvars](outputs.tf#L539) | Terraform variable files for the following stages. | ✓ | |
Expand Down
18 changes: 9 additions & 9 deletions fast/stages/1-resman/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -89,8 +89,8 @@ locals {
plan = try(module.branch-nsec-r-sa-cicd[0].email, null)
}
tf_providers_files = {
apply = "3-nsec-providers.tf"
plan = "3-nsec-r-providers.tf"
apply = "3-network-security-providers.tf"
plan = "3-network-security-r-providers.tf"
}
tf_var_files = local.cicd_workflow_var_files.stage_3
}
Expand Down Expand Up @@ -209,16 +209,16 @@ locals {
name = "security"
sa = module.branch-security-r-sa.email
})
"3-nsec" = templatefile(local._tpl_providers, {
"3-network-security" = templatefile(local._tpl_providers, {
backend_extra = null
bucket = module.branch-nsec-gcs.name
name = "nsec"
name = "network-security"
sa = module.branch-nsec-sa.email
})
"3-nsec-r" = templatefile(local._tpl_providers, {
"3-network-security-r" = templatefile(local._tpl_providers, {
backend_extra = null
bucket = module.branch-network-gcs.name
name = "nsec"
name = "network-security"
sa = module.branch-nsec-r-sa.email
})
},
Expand Down Expand Up @@ -370,8 +370,8 @@ locals {
gke-dev-r = try(module.branch-gke-dev-r-sa[0].email, null)
gke-prod = try(module.branch-gke-prod-sa[0].email, null)
gke-prod-r = try(module.branch-gke-prod-r-sa[0].email, null)
nsec = module.branch-nsec-sa.email
nsec-r = module.branch-nsec-r-sa.email
nsec = module.branch-nsec-sa.email
nsec-r = module.branch-nsec-r-sa.email
networking = module.branch-network-sa.email
networking-r = module.branch-network-r-sa.email
project-factory = try(module.branch-pf-sa[0].email, null)
Expand Down Expand Up @@ -505,7 +505,7 @@ output "project_factories" {

# ready to use provider configurations for subsequent stages
output "providers" {
# tfdoc:output:consumers 02-networking 02-security 03-dataplatform 03-nsec
# tfdoc:output:consumers 02-networking 02-security 03-dataplatform 03-network-security
description = "Terraform provider files for this stage and dependent stages."
sensitive = true
value = local.providers
Expand Down
5 changes: 2 additions & 3 deletions fast/stages/3-network-security/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ The commands to link or copy the provider and terraform variable files can be ea

# copy and paste the following commands for '3-network-security'

ln -s ~/fast-config/providers/3-nsec-providers.tf ./
ln -s ~/fast-config/providers/3-network-security-providers.tf ./
ln -s ~/fast-config/tfvars/0-globals.auto.tfvars.json ./
ln -s ~/fast-config/tfvars/0-bootstrap.auto.tfvars.json ./
ln -s ~/fast-config/tfvars/1-resman.auto.tfvars.json ./
Expand All @@ -69,7 +69,7 @@ ln -s ~/fast-config/tfvars/2-networking.auto.tfvars.json ./

# copy and paste the following commands for '3-network-security'

gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/3-nsec-providers.tf ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/3-network-security-providers.tf ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
Expand Down Expand Up @@ -143,7 +143,6 @@ ngfw_enterprise_config = {

| name | description | modules | resources |
|---|---|---|---|
| [3-nsec-providers.tf](./3-nsec-providers.tf) | None | | |
| [main.tf](./main.tf) | Next-Generation Firewall Enterprise configuration. | <code>project</code> | <code>google_network_security_firewall_endpoint</code> |
| [net-dev.tf](./net-dev.tf) | Security components for dev spoke VPC. | <code>net-firewall-policy</code> | <code>google_network_security_firewall_endpoint_association</code> · <code>google_network_security_security_profile</code> · <code>google_network_security_security_profile_group</code> |
| [net-prod.tf](./net-prod.tf) | Security components for prod spoke VPC. | <code>net-firewall-policy</code> | <code>google_network_security_firewall_endpoint_association</code> · <code>google_network_security_security_profile</code> · <code>google_network_security_security_profile_group</code> |
Expand Down

0 comments on commit 8d5398b

Please sign in to comment.