feat: create subfolders for business units in 4-projects step #1039

Merged
3 changes: 1 addition & 2 deletions 0-bootstrap/sa.tf
@@ -84,8 +84,7 @@ locals {
"roles/dns.admin",
],
"proj" = [
"roles/resourcemanager.folderViewer",
"roles/resourcemanager.folderIamAdmin",
"roles/resourcemanager.folderAdmin",
Member Author

This permission is needed because the 4-projects step now creates the proper subfolders for the example BUs (before, all the folders were created at 2-environments).
`folderAdmin`, because we need permissions to create and destroy.

"roles/artifactregistry.admin",
"roles/compute.networkAdmin",
"roles/compute.xpnAdmin",
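Review bot: replacing `roles/resourcemanager.folderViewer` and `roles/resourcemanager.folderIamAdmin` with `roles/resourcemanager.folderAdmin` in the `proj` list is a strict privilege widening, not a consolidation: folderAdmin keeps the get/list and get/setIamPolicy permissions of the two removed roles and adds folder create, delete and move. The hunk does not show which resource this list is bound to; if it is the organization, the 4-projects pipeline service account can now create or delete folders anywhere in the org, not only under the environment folders it populates. Suggest recording the new scope in the step's README next to the in-line justification and, if the binding is at organization level, checking whether it can be granted on the environment folders instead.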
1 change: 1 addition & 0 deletions 4-projects/modules/base_env/README.md
@@ -7,6 +7,7 @@
| business\_unit | The business (ex. business\_unit\_1). | `string` | n/a | yes |
| env | The environment to prepare (ex. development). | `string` | n/a | yes |
| firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls. | `bool` | `true` | no |
| folder\_prefix | Name prefix to use for folders created. Should be the same in all steps. | `string` | `"fldr"` | no |
| gcs\_bucket\_prefix | Name prefix to be used for GCS Bucket | `string` | `"bkt"` | no |
| key\_name | Name to be used for KMS Key | `string` | `"crypto-key-example"` | no |
| key\_rotation\_period | Rotation period in seconds to be used for KMS Key | `string` | `"7776000s"` | no |
24 changes: 24 additions & 0 deletions 4-projects/modules/base_env/business_unit_folder.tf
@@ -0,0 +1,24 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

locals {
env_business_unit_folder_name = "${var.folder_prefix}-${var.env}-${var.business_code}"
}

resource "google_folder" "env_business_unit" {
display_name = local.env_business_unit_folder_name
parent = local.env_folder_name
}
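Review bot: the display name built in `local.env_business_unit_folder_name` is `<folder_prefix>-<env>-<business_code>`, i.e. `fldr-development-bu1`, while the README trees added in this PR show `fldr-bu1-development`; one of the two must change so the documentation matches what `terraform apply` creates. Also, `parent = local.env_folder_name` reads like a display name, but `google_folder.parent` requires a resource name of the form `folders/{id}` or `organizations/{id}`; since this same local was previously passed as `folder_id` to the project modules it presumably already holds the resource name, so consider renaming it (for example `env_folder_id`) to remove the ambiguity for the next reader.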
@@ -19,7 +19,7 @@ module "base_shared_vpc_project" {

org_id = local.org_id
billing_account = local.billing_account
folder_id = local.env_folder_name
folder_id = google_folder.env_business_unit.name
environment = var.env
vpc_type = "base"
shared_vpc_host_project_id = local.base_host_project_id
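Review bot: `google_folder.env_business_unit.name` is the `folders/{id}` resource name, the same form `folder_id` consumed before through `local.env_folder_name`, so the argument type is unchanged; the direct resource reference also gives Terraform the dependency it needs to create the folder before the projects and destroy it only after them. The identical one-line change is repeated in the floating, peering, restricted shared VPC and secrets project files below and needs no separate comment there.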
2 changes: 1 addition & 1 deletion 4-projects/modules/base_env/example_floating_project.tf
@@ -19,7 +19,7 @@ module "floating_project" {

org_id = local.org_id
billing_account = local.billing_account
folder_id = local.env_folder_name
folder_id = google_folder.env_business_unit.name
environment = var.env
project_budget = var.project_budget
project_prefix = local.project_prefix
2 changes: 1 addition & 1 deletion 4-projects/modules/base_env/example_peering_project.tf
@@ -35,7 +35,7 @@ module "peering_project" {

org_id = local.org_id
billing_account = local.billing_account
folder_id = local.env_folder_name
folder_id = google_folder.env_business_unit.name
environment = var.env
project_budget = var.project_budget
project_prefix = local.project_prefix
@@ -19,7 +19,7 @@ module "restricted_shared_vpc_project" {

org_id = local.org_id
billing_account = local.billing_account
folder_id = local.env_folder_name
folder_id = google_folder.env_business_unit.name
environment = var.env
vpc_type = "restricted"
shared_vpc_host_project_id = local.restricted_host_project_id
2 changes: 1 addition & 1 deletion 4-projects/modules/base_env/example_storage_cmek.tf
@@ -19,7 +19,7 @@ module "env_secrets_project" {

org_id = local.org_id
billing_account = local.billing_account
folder_id = local.env_folder_name
folder_id = google_folder.env_business_unit.name
environment = var.env
project_budget = var.project_budget
project_suffix = var.secrets_prj_suffix
6 changes: 6 additions & 0 deletions 4-projects/modules/base_env/variables.tf
@@ -152,3 +152,9 @@ variable "subnet_ip_range" {
type = string
default = null
}

variable "folder_prefix" {
description = "Name prefix to use for folders created. Should be the same in all steps."
type = string
default = "fldr"
}
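Review bot: `folder_prefix` has no `validation` block although it is concatenated with `env` and `business_code` into a folder display name, which Resource Manager limits to 30 characters of letters, digits, spaces, hyphens and underscores, starting and ending with a letter or digit. An over-long prefix or business code therefore fails at apply time rather than at plan time; a `validation { condition = can(regex("^[a-zA-Z0-9][a-zA-Z0-9_-]*$", var.folder_prefix)) }` plus a length check would surface it earlier. "Should be the same in all steps" in the description would also be stronger as a statement of what breaks when it is not.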
2 changes: 1 addition & 1 deletion 4-projects/modules/single_project/main.tf
@@ -51,7 +51,7 @@ module "project" {
random_project_id = true
random_project_id_length = 4
activate_apis = distinct(concat(var.activate_apis, ["billingbudgets.googleapis.com"]))
name = "${var.project_prefix}-${var.business_code}-${local.env_code}-${var.project_suffix}"
name = "${var.project_prefix}-${local.env_code}-${var.business_code}${var.project_suffix}"
org_id = var.org_id
billing_account = var.billing_account
folder_id = var.folder_id
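Review bot: the new `name` pattern drops the separator between `var.business_code` and `var.project_suffix`, so a suffix of `sample-floating` yields `prj-d-bu1sample-floating`. If the motivation is the 30-character limit on project IDs once `random_project_id_length = 4` appends the random suffix, a comment saying so would stop the next reviewer reading the missing hyphen as a typo; if length is not the constraint, `${var.business_code}-${var.project_suffix}` is easier to read and to filter on in asset inventory and logs.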
138 changes: 75 additions & 63 deletions README.md
@@ -178,38 +178,44 @@ Running this code as-is should generate a structure as shown below:
```
example-organization/
└── fldr-development
├── prj-bu1-d-env-secrets
├── prj-bu1-d-sample-floating
├── prj-bu1-d-sample-base
├── prj-bu1-d-sample-restrict
├── prj-bu1-d-sample-peering
├── prj-bu2-d-env-secrets
├── prj-bu2-d-sample-floating
├── prj-bu2-d-sample-base
├── prj-bu2-d-sample-restrict
└── prj-bu2-d-sample-peering
└── fldr-bu1-development
├── prj-d-env-bu1secrets
├── prj-d-bu1sample-floating
├── prj-d-bu1sample-base
├── prj-d-bu1sample-restrict
├── prj-d-bu1sample-peering
└── fldr-bu2-development
├── prj-d-env-bu2secrets
├── prj-d-sample-bu2floating
├── prj-d-sample-bu2base
├── prj-d-sample-bu2restrict
└── prj-d-sample-bu2peering
└── fldr-non-production
├── prj-bu1-n-env-secrets
├── prj-bu1-n-sample-floating
├── prj-bu1-n-sample-base
├── prj-bu1-n-sample-restrict
├── prj-bu1-n-sample-peering
├── prj-bu2-n-env-secrets
├── prj-bu2-n-sample-floating
├── prj-bu2-n-sample-base
├── prj-bu2-n-sample-restrict
└── prj-bu2-n-sample-peering
└── fldr-bu1-non-production
├── prj-n-env-bu1secrets
├── prj-n-bu1sample-floating
├── prj-n-bu1sample-base
├── prj-n-bu1sample-restrict
├── prj-n-bu1sample-peering
└── fldr-bu2-non-production
├── prj-n-env-bu2secrets
├── prj-n-sample-bu2floating
├── prj-n-sample-bu2base
├── prj-n-sample-bu2restrict
└── prj-n-sample-bu2peering
└── fldr-production
├── prj-bu1-p-env-secrets
├── prj-bu1-p-sample-floating
├── prj-bu1-p-sample-base
├── prj-bu1-p-sample-restrict
├── prj-bu1-p-sample-peering
├── prj-bu2-p-env-secrets
├── prj-bu2-p-sample-floating
├── prj-bu2-p-sample-base
├── prj-bu2-p-sample-restrict
└── prj-bu2-p-sample-peering
└── fldr-bu1-production
├── prj-p-env-bu1secrets
├── prj-p-bu1sample-floating
├── prj-p-bu1sample-base
├── prj-p-bu1sample-restrict
├── prj-p-bu1sample-peering
└── fldr-bu2-production
├── prj-p-env-bu2secrets
├── prj-p-sample-bu2floating
├── prj-p-sample-bu2base
├── prj-p-sample-bu2restrict
└── prj-p-sample-bu2peering
└── fldr-common
├── prj-bu1-c-infra-pipeline
└── prj-bu2-c-infra-pipeline
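Review bot: the project names in this tree follow three different patterns: bu1 rows read `prj-d-bu1sample-floating` (business code before the suffix, no separator), bu2 rows read `prj-d-sample-bu2floating` (business code inserted inside the suffix), and the secrets rows read `prj-d-env-bu1secrets`. `single_project/main.tf` in this PR emits exactly one form, `${project_prefix}-${env_code}-${business_code}${project_suffix}`, so every row should look like the bu1 sample rows; regenerating the listing from a real plan would avoid the hand-edit drift. The folder names `fldr-bu1-development` are likewise reversed relative to the `${folder_prefix}-${env}-${business_code}` display name built in `business_unit_folder.tf`, and each `fldr-bu1-*` line should use `├──` rather than `└──` because a sibling `fldr-bu2-*` folder follows it.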
@@ -252,44 +258,50 @@ example-organization
├── prj-p-shared-base
└── prj-p-shared-restricted
└── fldr-development
├── prj-bu1-d-env-secrets
├── prj-bu1-d-sample-floating
├── prj-bu1-d-sample-base
├── prj-bu1-d-sample-restrict
├── prj-bu1-d-sample-peering
├── prj-bu2-d-env-secrets
├── prj-bu2-d-sample-floating
├── prj-bu2-d-sample-base
├── prj-bu2-d-sample-restrict
├── prj-bu2-d-sample-peering
├── prj-d-monitoring
└── prj-d-secrets
├── prj-d-secrets
└── fldr-bu1-development
├── prj-d-env-bu1secrets
├── prj-d-bu1sample-floating
├── prj-d-bu1sample-base
├── prj-d-bu1sample-restrict
└── prj-d-bu1sample-peering
└── fldr-bu2-development
├── prj-d-env-bu2secrets
├── prj-d-sample-bu2floating
├── prj-d-sample-bu2base
├── prj-d-sample-bu2restrict
└── prj-d-sample-bu2peering
└── fldr-non-production
├── prj-bu1-n-env-secrets
├── prj-bu1-n-sample-floating
├── prj-bu1-n-sample-base
├── prj-bu1-n-sample-restrict
├── prj-bu1-n-sample-peering
├── prj-bu2-n-env-secrets
├── prj-bu2-n-sample-floating
├── prj-bu2-n-sample-base
├── prj-bu2-n-sample-restrict
├── prj-bu2-n-sample-peering
├── prj-n-monitoring
└── prj-n-secrets
├── prj-n-secrets
└── fldr-bu1-non-production
├── prj-n-env-bu1secrets
├── prj-n-bu1sample-floating
├── prj-n-bu1sample-base
├── prj-n-bu1sample-restrict
└── prj-n-bu1sample-peering
└── fldr-bu2-non-production
├── prj-n-env-bu2secrets
├── prj-n-sample-bu2floating
├── prj-n-sample-bu2base
├── prj-n-sample-bu2restrict
└── prj-n-sample-bu2peering
└── fldr-production
├── prj-bu1-p-env-secrets
├── prj-bu1-p-sample-floating
├── prj-bu1-p-sample-base
├── prj-bu1-p-sample-restrict
├── prj-bu1-p-sample-peering
├── prj-bu2-p-env-secrets
├── prj-bu2-p-sample-floating
├── prj-bu2-p-sample-base
├── prj-bu2-p-sample-restrict
├── prj-bu2-p-sample-peering
├── prj-p-monitoring
└── prj-p-secrets
├── prj-p-secrets
└── fldr-bu1-production
├── prj-p-env-bu1secrets
├── prj-p-bu1sample-floating
├── prj-p-bu1sample-base
├── prj-p-bu1sample-restrict
└── prj-p-bu1sample-peering
└── fldr-bu2-production
├── prj-p-env-bu2secrets
├── prj-p-sample-bu2floating
├── prj-p-sample-bu2base
├── prj-p-sample-bu2restrict
└── prj-p-sample-bu2peering
└── fldr-bootstrap
├── prj-b-cicd
└── prj-b-seed
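Review bot: the per-BU project names in this second tree again mix `prj-d-bu1sample-*`, `prj-d-sample-bu2*` and `prj-d-env-bu1secrets`, whereas `single_project/main.tf` produces a single pattern, `${project_prefix}-${env_code}-${business_code}${project_suffix}`; the listing should be regenerated from an actual plan rather than edited by hand. The `fldr-bu1-<env>` folder names are also reversed relative to the `<folder_prefix>-<env>-<business_code>` display name in `business_unit_folder.tf`, and the `└──` on each `fldr-bu1-*` line should be `├──` since `fldr-bu2-*` follows as a sibling.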