From e94d5b05bbe96408aba84eda448447d36790c172 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Tue, 7 Feb 2023 19:52:20 +0000 Subject: [PATCH] chore(master): release 3.0.1 --- 0-bootstrap/README.md | 43 +++++++++---------- 0-bootstrap/versions.tf | 2 +- 1-org/envs/shared/versions.tf | 4 +- .../modules/env_baseline/versions.tf | 4 +- .../modules/base_shared_vpc/versions.tf | 4 +- .../dedicated_interconnect/versions.tf | 4 +- .../hierarchical_firewall_policy/versions.tf | 4 +- .../modules/partner_interconnect/versions.tf | 4 +- .../modules/restricted_shared_vpc/versions.tf | 4 +- .../modules/base_shared_vpc/versions.tf | 4 +- .../dedicated_interconnect/versions.tf | 4 +- .../hierarchical_firewall_policy/versions.tf | 4 +- .../modules/partner_interconnect/versions.tf | 4 +- .../modules/restricted_shared_vpc/versions.tf | 4 +- .../modules/transitivity/versions.tf | 4 +- .../modules/infra_pipelines/versions.tf | 4 +- 4-projects/modules/single_project/versions.tf | 4 +- 5-app-infra/modules/env_base/versions.tf | 4 +- CHANGELOG.md | 7 +++ 19 files changed, 61 insertions(+), 55 deletions(-) diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md index 49cb10d2ab..cef11e897d 100644 --- a/0-bootstrap/README.md +++ b/0-bootstrap/README.md @@ -2,7 +2,7 @@ This repo is part of a multi-part guide that shows how to configure and deploy the example.com reference architecture described in -[Google Cloud security foundations guide](https://cloud.google.com/architecture/security-foundations). The following table lists the stages of this deployment. +[Google Cloud security foundations guide](https://cloud.google.com/architecture/security-foundations). The following table lists the parts of the guide. @@ -10,12 +10,12 @@ the example.com reference architecture described in - @@ -35,7 +35,7 @@ up the global DNS hub. +Hub and Spoke network model. It also sets up the global DNS hub 
@@ -45,7 +45,7 @@ Hub and Spoke network model. It also sets up the global DNS hub. - +
0-bootstrap (this file) Bootstraps a Google Cloud organization, creating all the required resources and permissions to start using the Cloud Foundation Toolkit (CFT). This -step also configures a CI/CD pipeline for foundations code in subsequent +step also configures a CI/CD Pipeline for foundations code in subsequent stages.
1-orgSets up top-level shared folders, monitoring and networking projects, and +Sets up top level shared folders, monitoring and networking projects, and organization-level logging, and sets baseline security settings through organizational policy.
3-networks-hub-and-spoke Sets up base and restricted shared VPCs with all the default configuration found on step 3-networks-dual-svpc, but here the architecture will be based on the -Hub and Spoke network model. It also sets up the global DNS hub.
5-app-infraDeploy a Compute Engine instance in one of the business unit projects using the infra pipeline setup in 4-projects.Deploy a simple Compute Engine instance in one of the business unit projects using the infra pipeline set up in 4-projects.
@@ -56,13 +56,14 @@ file. ## Purpose -The purpose of this step is to bootstrap a Google Cloud organization, creating all the required resources and permissions to start using the Cloud Foundation Toolkit (CFT). This step also configures a [CI/CD Pipeline](/docs/GLOSSARY.md#foundation-cicd-pipeline) for foundations code in subsequent stages. The [CI/CD Pipeline](/docs/GLOSSARY.md#foundation-cicd-pipeline) can use either Cloud Build and Cloud Source Repos or Jenkins and your own Git repos (which might live on-premises). +The purpose of this step is to bootstrap a Google Cloud organization, creating all the required resources & permissions to start using the Cloud Foundation Toolkit (CFT). This step also configures a [CI/CD Pipeline](/docs/GLOSSARY.md#foundation-cicd-pipeline) for foundations code in subsequent stages. The [CI/CD Pipeline](/docs/GLOSSARY.md#foundation-cicd-pipeline) can use either Cloud Build and Cloud Source Repos or Jenkins and your own Git repos (which might live on-premises). ## Prerequisites -To run the commands described in this document, install the following: +To run the commands described in this document, you need to have the following +installed: -- [Google Cloud SDK](https://cloud.google.com/sdk/install) version 393.0.0 or later +- The [Google Cloud SDK](https://cloud.google.com/sdk/install) version 393.0.0 or later - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) version 2.28.0 or later - [Terraform](https://www.terraform.io/downloads.html) version 1.3.0 
@@ -74,12 +75,12 @@ Also make sure that you've done the following: [organization](https://cloud.google.com/resource-manager/docs/creating-managing-organization). 1. Set up a Google Cloud [billing account](https://cloud.google.com/billing/docs/how-to/manage-billing-account). -1. Create Cloud Identity or Google Workspace groups for +1. Created Cloud Identity or Google Workspace (formerly G Suite) groups for organization and billing admins. -1. Add the user who will use Terraform to the `group_org_admins` group. +1. Added the user who will use Terraform to the `group_org_admins` group. They must be in this group, or they won't have `roles/resourcemanager.projectCreator` access. -1. For the user who will run the procedures in this document, grant the following roles: +1. For the user who will run the procedures in this document, granted the following roles: - The `roles/resourcemanager.organizationAdmin` role on the Google Cloud organization. - The `roles/orgpolicy.policyAdmin` role on the Google Cloud organization. - The `roles/billing.admin` role on the billing account. 
@@ -93,12 +94,12 @@ that are created, see the organization bootstrap module ### Optional - Automatic creation of Google Cloud Identity groups -In the foundation, Google Cloud Identity groups are used for [authentication and access management](https://cloud.google.com/architecture/security-foundations/authentication-authorization) . +Google Cloud Identity groups are used for [authentication and access management](https://cloud.google.com/architecture/security-foundations/authentication-authorization) in the foundation. -To enable automatic creation of the [required groups](https://cloud.google.com/architecture/security-foundations/authentication-authorization#users_and_groups), complete the following actions: +To enable automatic creation of the [required groups](https://cloud.google.com/architecture/security-foundations/authentication-authorization#users_and_groups) you need to: - Have an existing project for Cloud Identity API billing. -- Enable the Cloud Identity API (`cloudidentity.googleapis.com`) on the billing project. +- Enable the Cloud Identity API(`cloudidentity.googleapis.com`) on the billing project. - Grant role `roles/serviceusage.serviceUsageConsumer` to the user running Terraform on the billing project. - Provide values for the groups and billing project in the variable `groups`. @@ -108,11 +109,11 @@ All groups in the `groups.optional_groups` are optional. ### Optional - Cloud Build access to on-prem -See [onprem](./onprem.md) for instructions on how to configure Cloud Build access to your on-premises environment. +Please refer to [onprem](./onprem.md) for instructions on how to configure Cloud Build access to on-prem. ### Troubleshooting -See [troubleshooting](../docs/TROUBLESHOOTING.md) if you run into issues during this step. +Please refer to [troubleshooting](../docs/TROUBLESHOOTING.md) if you run into issues during this step. ## Deploying with Jenkins 
@@ -153,8 +154,7 @@ your current Jenkins manager (controller) environment. terraform plan -input=false -out bootstrap.tfplan ``` -1. To validate your policies, run `gcloud beta terraform vet`. For installation instructions, see [Install Google Cloud CLI](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install). - +1. To run `gcloud beta terraform vet` steps please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component. 1. Run the following commands and check for violations: ```bash @@ -163,8 +163,7 @@ your current Jenkins manager (controller) environment. gcloud beta terraform vet bootstrap.json --policy-library="../policy-library" --project ${VET_PROJECT_ID} ``` - *`A-VALID-PROJECT-ID`* must be an existing project you have access to. This is necessary because Terraform-validator needs to link resources to a valid Google Cloud Platform project. - + - *`A-VALID-PROJECT-ID`* must be an existing project you have access to, this is necessary because Terraform-validator needs to link resources to a valid Google Cloud Platform project. 1. Run `terraform apply`. ```bash @@ -215,7 +214,7 @@ your current Jenkins manager (controller) environment. ``` 1. (Optional) Run `terraform plan` to verify that state is configured correctly. You should see no changes from the previous state. -1. Clone the policy repo and copy contents of policy-library to new repo. Clone the repo at the same level of the `terraform-example-foundation` folder. +1. Clone the policy repo and copy contents of policy-library to new repo. Clone the repo at the same level of the `terraform-example-foundation` folder, the next instructions assume that layout. ```bash cd ../.. 
@@ -260,7 +259,7 @@ your current Jenkins manager (controller) environment. git push --set-upstream origin plan ``` -1. Continue with the instructions in the [1-org](../1-org/README.md) step. +1. You can now move to the instructions in the [1-org](../1-org/README.md) step. **Note 1:** The stages after `0-bootstrap` use `terraform_remote_state` data source to read common configuration like the organization ID from the output of the `0-bootstrap` stage. They will [fail](../docs/TROUBLESHOOTING.md#error-unsupported-attribute) if the state is not copied to the Cloud Storage bucket. diff --git a/0-bootstrap/versions.tf b/0-bootstrap/versions.tf index 862a18ae92..7db927f6ab 100644 --- a/0-bootstrap/versions.tf +++ b/0-bootstrap/versions.tf @@ -25,7 +25,7 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:bootstrap/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:bootstrap/v3.0.1" } } diff --git a/1-org/envs/shared/versions.tf b/1-org/envs/shared/versions.tf index 8393482b7e..11f2c39854 100644 --- a/1-org/envs/shared/versions.tf +++ b/1-org/envs/shared/versions.tf @@ -31,10 +31,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.1" } } diff --git a/2-environments/modules/env_baseline/versions.tf b/2-environments/modules/env_baseline/versions.tf index 7e9e2695cb..5db55518c9 100644 --- a/2-environments/modules/env_baseline/versions.tf +++ b/2-environments/modules/env_baseline/versions.tf 
@@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:org/v3.0.1" } } diff --git a/3-networks-dual-svpc/modules/base_shared_vpc/versions.tf b/3-networks-dual-svpc/modules/base_shared_vpc/versions.tf index bac74915ef..a941e2a1ba 100644 --- a/3-networks-dual-svpc/modules/base_shared_vpc/versions.tf +++ b/3-networks-dual-svpc/modules/base_shared_vpc/versions.tf @@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.1" } } diff --git a/3-networks-dual-svpc/modules/dedicated_interconnect/versions.tf b/3-networks-dual-svpc/modules/dedicated_interconnect/versions.tf index 36325c4df4..b52a227491 100644 --- a/3-networks-dual-svpc/modules/dedicated_interconnect/versions.tf +++ b/3-networks-dual-svpc/modules/dedicated_interconnect/versions.tf @@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.1" } } 
diff --git a/3-networks-dual-svpc/modules/hierarchical_firewall_policy/versions.tf b/3-networks-dual-svpc/modules/hierarchical_firewall_policy/versions.tf index 8fbd5438cc..6f9517a5cb 100644 --- a/3-networks-dual-svpc/modules/hierarchical_firewall_policy/versions.tf +++ b/3-networks-dual-svpc/modules/hierarchical_firewall_policy/versions.tf @@ -31,10 +31,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.1" } } diff --git a/3-networks-dual-svpc/modules/partner_interconnect/versions.tf b/3-networks-dual-svpc/modules/partner_interconnect/versions.tf index 0eb5356b6d..681fceb16e 100644 --- a/3-networks-dual-svpc/modules/partner_interconnect/versions.tf +++ b/3-networks-dual-svpc/modules/partner_interconnect/versions.tf @@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.1" } } diff --git a/3-networks-dual-svpc/modules/restricted_shared_vpc/versions.tf b/3-networks-dual-svpc/modules/restricted_shared_vpc/versions.tf index 31e21a7551..5bdbc4258c 100644 --- a/3-networks-dual-svpc/modules/restricted_shared_vpc/versions.tf +++ b/3-networks-dual-svpc/modules/restricted_shared_vpc/versions.tf 
@@ -31,10 +31,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.1" } } diff --git a/3-networks-hub-and-spoke/modules/base_shared_vpc/versions.tf b/3-networks-hub-and-spoke/modules/base_shared_vpc/versions.tf index 32ec077f4a..2e505c7ed0 100644 --- a/3-networks-hub-and-spoke/modules/base_shared_vpc/versions.tf +++ b/3-networks-hub-and-spoke/modules/base_shared_vpc/versions.tf @@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:base_shared_vpc/v3.0.1" } } diff --git a/3-networks-hub-and-spoke/modules/dedicated_interconnect/versions.tf b/3-networks-hub-and-spoke/modules/dedicated_interconnect/versions.tf index f8d5bb6840..fe2fbe3805 100644 --- a/3-networks-hub-and-spoke/modules/dedicated_interconnect/versions.tf +++ b/3-networks-hub-and-spoke/modules/dedicated_interconnect/versions.tf 
@@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v3.0.1" } } diff --git a/3-networks-hub-and-spoke/modules/hierarchical_firewall_policy/versions.tf b/3-networks-hub-and-spoke/modules/hierarchical_firewall_policy/versions.tf index 3a3660f5b9..05651ff215 100644 --- a/3-networks-hub-and-spoke/modules/hierarchical_firewall_policy/versions.tf +++ b/3-networks-hub-and-spoke/modules/hierarchical_firewall_policy/versions.tf @@ -31,10 +31,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:hierarchical_firewall_policy/v3.0.1" } } diff --git a/3-networks-hub-and-spoke/modules/partner_interconnect/versions.tf b/3-networks-hub-and-spoke/modules/partner_interconnect/versions.tf index 7e86adbe38..9230740fee 100644 --- a/3-networks-hub-and-spoke/modules/partner_interconnect/versions.tf +++ b/3-networks-hub-and-spoke/modules/partner_interconnect/versions.tf 
@@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:partner_interconnect/v3.0.1" } } diff --git a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/versions.tf b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/versions.tf index 824010a392..c06b8d0c5b 100644 --- a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/versions.tf +++ b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/versions.tf @@ -31,10 +31,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:restricted_shared_vpc/v3.0.1" } } diff --git a/3-networks-hub-and-spoke/modules/transitivity/versions.tf b/3-networks-hub-and-spoke/modules/transitivity/versions.tf index fb6a66cdc5..a51ad460fe 100644 --- a/3-networks-hub-and-spoke/modules/transitivity/versions.tf +++ b/3-networks-hub-and-spoke/modules/transitivity/versions.tf 
@@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:transitivity/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:transitivity/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:transitivity/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:transitivity/v3.0.1" } } diff --git a/4-projects/modules/infra_pipelines/versions.tf b/4-projects/modules/infra_pipelines/versions.tf index 97701ba824..b69779b784 100644 --- a/4-projects/modules/infra_pipelines/versions.tf +++ b/4-projects/modules/infra_pipelines/versions.tf @@ -36,10 +36,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:infra_pipelines/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:infra_pipelines/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:infra_pipelines/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:infra_pipelines/v3.0.1" } } diff --git a/4-projects/modules/single_project/versions.tf b/4-projects/modules/single_project/versions.tf index a571d39fa4..77af81a6c9 100644 --- a/4-projects/modules/single_project/versions.tf +++ b/4-projects/modules/single_project/versions.tf @@ -28,10 +28,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:single_project/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:single_project/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:single_project/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:single_project/v3.0.1" } } diff --git a/5-app-infra/modules/env_base/versions.tf b/5-app-infra/modules/env_base/versions.tf index 0c6cc0db4a..5aef132a5c 100644 
--- a/5-app-infra/modules/env_base/versions.tf +++ b/5-app-infra/modules/env_base/versions.tf @@ -37,10 +37,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-example-foundation:app_env_base/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:app_env_base/v3.0.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-example-foundation:app_env_base/v3.0.0" + module_name = "blueprints/terraform/terraform-example-foundation:app_env_base/v3.0.1" } } diff --git a/CHANGELOG.md b/CHANGELOG.md index 58dac7b713..ab8f0d91b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## [3.0.1](https://github.com/terraform-google-modules/terraform-example-foundation/compare/v3.0.0...v3.0.1) (2023-02-07) + + +### Bug Fixes + +* **deps:** update go modules ([#910](https://github.com/terraform-google-modules/terraform-example-foundation/issues/910)) ([020a339](https://github.com/terraform-google-modules/terraform-example-foundation/commit/020a339514b81ee81336972ec7e57996ccd298e7)) + ## [3.0.0](https://github.com/terraform-google-modules/terraform-example-foundation/compare/v2.3.1...v3.0.0) (2022-12-16)
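Review bot: In 0-bootstrap/README.md, the added lines in the stage table, `## Purpose` and `### Optional - Automatic creation of Google Cloud Identity groups` hunks are looser than the lines they replace: "top level shared folders" loses its hyphen, "resources & permissions" replaces "resources and permissions", and "Cloud Identity API(`cloudidentity.googleapis.com`)" drops the space before the parenthesis. Nothing in the subject line ("chore(master): release 3.0.1") calls for rewording the README, so keep the removed wording in these hunks.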
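Review bot: In the `gcloud beta terraform vet` step of 0-bootstrap/README.md (hunks at -153,8 and -163,8), the blank lines separating the step from the next numbered item are removed and the project-ID explanation becomes a comma splice ("must be an existing project you have access to, this is necessary because ..."). This step is the policy check that runs before `terraform apply`, so the instruction should stay unambiguous: keep the two-sentence form and the blank lines, and keep a descriptive link text rather than `[instructions]`.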
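Review bot: In 2-environments/modules/env_baseline/versions.tf, both `provider_meta` blocks are bumped to `terraform-example-foundation:org/v3.0.1`, the same label used in 1-org/envs/shared/versions.tf, while the other modules in this patch carry a module-specific label (`base_shared_vpc`, `transitivity`, `single_project`, `app_env_base`). If the shared `org` label is not intentional, give env_baseline its own label so the two stages can be told apart by `module_name`; if it is intentional, a short comment in the file would save the next reader the same question.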
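Review bot: The 3.0.1 entry added to CHANGELOG.md lists only the go modules update (#910) under Bug Fixes, but the diffstat for this commit shows 43 changed lines in 0-bootstrap/README.md. Either drop the README changes so the release commit contains only the `module_name` bumps and the changelog entry, or record the documentation change in the entry so the release notes match what ships.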