From e4bfa316ac034b17e1bef2d46edaf94c95313186 Mon Sep 17 00:00:00 2001
From: Ludo
Date: Fri, 8 Sep 2023 17:59:13 +0200
Subject: [PATCH 1/2] align pf stage sample data to new format
---
 fast/stages/3-project-factory/dev/README.md | 4 +-
 .../3-project-factory/dev/data/defaults.yaml | 24 ----
 .../dev/data/projects/project.yaml.sample | 103 ------------------
 .../dev/data/projects/test-project.yaml | 6 +
 fast/stages/3-project-factory/dev/main.tf | 2 +-
 .../stages/3-project-factory/dev/variables.tf | 4 +-
 6 files changed, 12 insertions(+), 131 deletions(-)
 delete mode 100644 fast/stages/3-project-factory/dev/data/defaults.yaml
 delete mode 100644 fast/stages/3-project-factory/dev/data/projects/project.yaml.sample
 create mode 100644 fast/stages/3-project-factory/dev/data/projects/test-project.yaml
diff --git a/fast/stages/3-project-factory/dev/README.md b/fast/stages/3-project-factory/dev/README.md
index c4cc4655b8..4c1fe75d23 100644
--- a/fast/stages/3-project-factory/dev/README.md
+++ b/fast/stages/3-project-factory/dev/README.md
@@ -79,8 +79,8 @@ terraform apply
 | name | description | type | required | default | producer |
 |---|---|:---:|:---:|:---:|:---:|
 | [billing_account](variables.tf#L19) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | object({…}) | ✓ | | 0-bootstrap |
-| [factory_data](variables.tf#L32) | Project data from either YAML files or externally parsed data. | object({…}) | ✓ | | |
-| [prefix](variables.tf#L48) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
+| [prefix](variables.tf#L51) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
+| [factory_data](variables.tf#L32) | Project data from either YAML files or externally parsed data. | object({…}) | | {…} | |

 ## Outputs

diff --git a/fast/stages/3-project-factory/dev/data/defaults.yaml b/fast/stages/3-project-factory/dev/data/defaults.yaml
deleted file mode 100644
index e52bb132c5..0000000000
--- a/fast/stages/3-project-factory/dev/data/defaults.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# skip boilerplate check
-
-billing_account_id: 012345-67890A-BCDEF0
-
-# [opt] Setup for billing alerts
-billing_alert:
- amount: 1000
- thresholds:
- current: [0.5, 0.8]
- forecasted: [0.5, 0.8]
- credit_treatment: INCLUDE_ALL_CREDITS
-
-# [opt] Contacts for billing alerts and important notifications
-essential_contacts: ["team-contacts@example.com"]
-
-# [opt] Labels set for all projects
-labels:
- environment: dev
- department: accounting
- application: example-app
- foo: bar
-
-# [opt] Additional notification channels for billing
-notification_channels: []
diff --git a/fast/stages/3-project-factory/dev/data/projects/project.yaml.sample b/fast/stages/3-project-factory/dev/data/projects/project.yaml.sample
deleted file mode 100644
index cc35b4c569..0000000000
--- a/fast/stages/3-project-factory/dev/data/projects/project.yaml.sample
+++ /dev/null
@@ -1,103 +0,0 @@
-# skip boilerplate check
-
-# [opt] Billing account id - overrides default if set
-billing_account_id: 012345-67890A-BCDEF0
-
-# [opt] Billing alerts config - overrides default if set
-billing_alert:
- amount: 10
- thresholds:
- current:
- - 0.5
- - 0.8
- forecasted: []
- credit_treatment: INCLUDE_ALL_CREDITS
-
-# [opt] DNS zones to be created as children of the environment_dns_zone defined in defaults
-dns_zones:
- - lorem
- - ipsum
-
-# [opt] Contacts for billing alerts and important notifications
-essential_contacts:
- - team-a-contacts@example.com
-
-# Folder the project will be created as children of
-parent: folders/012345678901
-
-# [opt] Authoritative IAM bindings in group => [roles] format
-group_iam:
- test-team-foobar@fast-lab-0.gcp-pso-italy.net:
- - roles/compute.admin
-
-# [opt] Authoritative IAM bindings in role => [principals] format
-# Generally used to grant roles to service accounts external to the project
-iam:
- roles/compute.admin:
- - serviceAccount:service-account
-
-# [opt] Service robots and keys they will be assigned as cryptoKeyEncrypterDecrypter
-# in service => [keys] format
-kms_service_agents:
- compute: [key1, key2]
- storage: [key1, key2]
-
-# [opt] Labels for the project - merged with the ones defined in defaults
-labels:
- environment: dev
-
-# [opt] Org policy overrides defined at project level
-org_policies:
- compute.disableGuestAttributesAccess:
- rules:
- - enforce: true
- compute.trustedImageProjects:
- rules:
- - allow:
- values:
- - projects/fast-dev-iac-core-0
- compute.vmExternalIpAccess:
- rules:
- - deny:
- all: true
-
-# [opt] Service account to create for the project and their roles on the project
-# in name => [roles] format
-service_accounts:
- another-service-account:
- - roles/compute.admin
- my-service-account:
- - roles/compute.admin
-
-# [opt] APIs to enable on the project.
-services:
- - storage.googleapis.com
- - stackdriver.googleapis.com
- - compute.googleapis.com
-
-# [opt] Roles to assign to the service identities in service => [roles] format
-service_identities_iam:
- compute:
- - roles/storage.objectViewer
-
- # [opt] VPC setup.
- # If set enables the `compute.googleapis.com` service and configures
- # service project attachment
-vpc:
- # [opt] If set, enables the container API
- gke_setup:
- # Grants "roles/container.hostServiceAgentUser" to the container robot if set
- enable_host_service_agent: false
-
- # Grants "roles/compute.securityAdmin" to the container robot if set
- enable_security_admin: true
-
- # Host project the project will be service project of
- host_project: fast-dev-net-spoke-0
-
- # [opt] Subnets in the host project where principals will be granted networkUser
- # in region/subnet-name => [principals]
- subnets_iam:
- europe-west1/dev-default-ew1:
- - user:foobar@example.com
- - serviceAccount:service-account1
diff --git a/fast/stages/3-project-factory/dev/data/projects/test-project.yaml b/fast/stages/3-project-factory/dev/data/projects/test-project.yaml
new file mode 100644
index 0000000000..15795a84bb
--- /dev/null
+++ b/fast/stages/3-project-factory/dev/data/projects/test-project.yaml
@@ -0,0 +1,6 @@
+labels:
+ team: team-0
+parent: folders/1234567890
+services:
+- compute.googleapis.com
+- storage.googleapis.com
diff --git a/fast/stages/3-project-factory/dev/main.tf b/fast/stages/3-project-factory/dev/main.tf
index 261351cae9..4f23b49281 100644
--- a/fast/stages/3-project-factory/dev/main.tf
+++ b/fast/stages/3-project-factory/dev/main.tf
@@ -31,7 +31,7 @@ module "projects" {
 ]
 }
 data_overrides = {
- prefix = var.prefix
+ prefix = "${var.prefix}-dev"
 }
 factory_data = var.factory_data
 }
diff --git a/fast/stages/3-project-factory/dev/variables.tf b/fast/stages/3-project-factory/dev/variables.tf
index d004aeb8e8..c7165e3ced 100644
--- a/fast/stages/3-project-factory/dev/variables.tf
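Review bot: The new `test-project.yaml` sits directly in `data/projects`, which this same patch makes the default `factory_data.data_path` in variables.tf, and unlike the deleted `project.yaml.sample` it has no suffix that keeps it out of a run. If the factory reads every YAML file under that path (the module is not visible here), an apply with default variables would attempt to create a project under the placeholder `parent: folders/1234567890`. I would either keep a `.sample` suffix or open the file with a comment such as `# sample only: set parent to a real folder id, or delete this file, before applying`.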
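Review bot: Appending `-dev` in `data_overrides` in main.tf makes the effective prefix up to 13 characters, while the `prefix` variable in variables.tf still validates and documents a 9-character limit, so the stated limit no longer describes what ends up in project names. For a stage that was already applied with the bare prefix, the changed value presumably alters the derived project ids, which Terraform would plan as replacements; that deserves a line in the README or changelog. A comment on the changed line would help, for example `# environment suffix is added here; var.prefix itself stays at 9 characters or less`. The `module "projects"` block starts above this hunk, so how the prefix is consumed is not visible.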
+++ b/fast/stages/3-project-factory/dev/variables.tf
@@ -36,6 +36,9 @@ variable "factory_data" {
 data_path = optional(string)
 })
 nullable = false
+ default = {
+ data_path = "data/projects"
+ }
 validation {
 condition = (
 (var.factory_data.data != null ? 1 : 0) +
@@ -49,7 +52,6 @@ variable "prefix" {
 # tfdoc:variable:source 0-bootstrap
 description = "Prefix used for resources that need unique names. Use 9 characters or less."
 type = string
-
 validation {
 condition = try(length(var.prefix), 0) < 10
 error_message = "Use a maximum of 9 characters for prefix."
From a32ba61b6f5d247bc7877dc3230bd0edab5b927f Mon Sep 17 00:00:00 2001
From: Ludo
Date: Fri, 8 Sep 2023 18:03:03 +0200
Subject: [PATCH 2/2] boilerplate
---
 .../dev/data/projects/test-project.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/fast/stages/3-project-factory/dev/data/projects/test-project.yaml b/fast/stages/3-project-factory/dev/data/projects/test-project.yaml
index 15795a84bb..dfe34e6ccc 100644
--- a/fast/stages/3-project-factory/dev/data/projects/test-project.yaml
+++ b/fast/stages/3-project-factory/dev/data/projects/test-project.yaml
@@ -1,3 +1,17 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 labels:
 team: team-0
 parent: folders/1234567890