#387 - sync 1-org tef 20240511

GoogleCloudPlatform · May 11, 2024 · 105ae82 · 105ae82
1 parent 92ad88d
commit 105ae82
Show file tree

Hide file tree

Showing 9 changed files with 65 additions and 53 deletions.
diff --git a/0-bootstrap/terraform_cloud.tf.example b/0-bootstrap/terraform_cloud.tf.example
@@ -53,22 +53,22 @@ locals {
     },
     "env" = {
       "2-production"     = { vcs_branch = "production", directory = "/envs/production" },
-      "2-non-production" = { vcs_branch = "non-production", directory = "/envs/non-production" },
+      "2-nonproduction" = { vcs_branch = "nonproduction", directory = "/envs/nonproduction" },
       "2-development"    = { vcs_branch = "development", directory = "/envs/development" },
     },
     "net" = {
       "3-production"     = { vcs_branch = "production", directory = "/envs/production" },
-      "3-non-production" = { vcs_branch = "non-production", directory = "/envs/non-production" },
+      "3-nonproduction" = { vcs_branch = "nonproduction", directory = "/envs/nonproduction" },
       "3-development"    = { vcs_branch = "development", directory = "/envs/development" },
       "3-shared"         = { vcs_branch = "production", directory = "/envs/shared" },
     },
     "proj" = {
       "4-bu1-production"     = { vcs_branch = "production", directory = "/business_unit_1/production" },
-      "4-bu1-non-production" = { vcs_branch = "non-production", directory = "/business_unit_1/non-production" },
+      "4-bu1-nonproduction" = { vcs_branch = "nonproduction", directory = "/business_unit_1/nonproduction" },
       "4-bu1-development"    = { vcs_branch = "development", directory = "/business_unit_1/development" },
       "4-bu1-shared"         = { vcs_branch = "production", directory = "/business_unit_1/shared" },
       "4-bu2-production"     = { vcs_branch = "production", directory = "/business_unit_2/production" },
-      "4-bu2-non-production" = { vcs_branch = "non-production", directory = "/business_unit_2/non-production" },
+      "4-bu2-nonproduction" = { vcs_branch = "nonproduction", directory = "/business_unit_2/nonproduction" },
       "4-bu2-development"    = { vcs_branch = "development", directory = "/business_unit_2/development" },
       "4-bu2-shared"         = { vcs_branch = "production", directory = "/business_unit_2/shared" },
 

diff --git a/1-org/README.md b/1-org/README.md
@@ -21,7 +21,7 @@ organizational policy.</td>
 </tr>
 <tr>
 <td><a href="../2-environments"><span style="white-space: nowrap;">2-environments</span></a></td>
-<td>Sets up development, non-production, and production environments within the
+<td>Sets up development, nonproduction, and production environments within the
 Google Cloud organization that you've created.</td>
 </tr>
 <tr>
@@ -107,7 +107,7 @@ This module creates and applies [tags](https://cloud.google.com/resource-manager
 | common | folder | 1-org | environment | production |
 | network | folder | 1-org | environment | production |
 | enviroment development | folder | [2-environments](../2-environments/README.md) | environment | development |
-| enviroment non-production | folder | [2-environments](../2-environments/README.md) | environment | non-production |
+| enviroment nonproduction | folder | [2-environments](../2-environments/README.md) | environment | nonproduction |
 | enviroment production | folder | [2-environments](../2-environments/README.md) | environment | production |
 
 ### Deploying with Cloud Build
@@ -126,7 +126,7 @@ If required, run `terraform output cloudbuild_project_id` in the `0-bootstrap` f
    **Note:** The message `warning: You appear to have cloned an empty repository.` is
    normal and can be ignored.
 
-1. Navigate into the repo, change to a non-production branch, and copy the contents of foundation to the new repo.
+1. Navigate into the repo, change to a nonproduction branch, and copy the contents of foundation to the new repo.
    All subsequent steps assume you are running them from the `gcp-org` directory.
    If you run them from another directory, adjust your copy paths accordingly.
 

diff --git a/1-org/envs/shared/README.md b/1-org/envs/shared/README.md
@@ -55,7 +55,7 @@
 | restricted\_net\_hub\_project\_number | The Restricted Network hub project number |
 | scc\_notification\_name | Name of SCC Notification |
 | scc\_notifications\_project\_id | The SCC notifications project ID |
-| shared\_vpc\_projects | Base and restricted shared VPC Projects info grouped by environment (development, non-production, production). |
+| shared\_vpc\_projects | Base and restricted shared VPC Projects info grouped by environment (development, nonproduction, production). |
 | tags | Tag Values to be applied on next steps. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/1-org/envs/shared/outputs.tf b/1-org/envs/shared/outputs.tf
@@ -136,7 +136,7 @@ output "tags" {
 
 output "shared_vpc_projects" {
   value       = { for k, v in module.base_restricted_environment_network : k => v }
-  description = "Base and restricted shared VPC Projects info grouped by environment (development, non-production, production)."
+  description = "Base and restricted shared VPC Projects info grouped by environment (development, nonproduction, production)."
 }
 
 output "cai_monitoring_artifact_registry" {

diff --git a/1-org/envs/shared/projects.tf b/1-org/envs/shared/projects.tf
@@ -23,7 +23,7 @@ locals {
   ]
   environments = {
     "development" : "d",
-    "non-production" : "n",
+    "nonproduction" : "n",
     "production" : "p"
   }
 }
@@ -46,13 +46,14 @@ module "org_audit_logs" {
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
-    environment       = "production"
+    environment       = "common"
     application_name  = "org-logging"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "c"
+    vpc               = "none"
   }
   budget_alert_pubsub_topic   = var.project_budget.org_audit_logs_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.org_audit_logs_alert_spent_percents
@@ -74,13 +75,14 @@ module "org_billing_logs" {
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
-    environment       = "production"
+    environment       = "common"
     application_name  = "org-billing-logs"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "c"
+    vpc               = "none"
   }
   budget_alert_pubsub_topic   = var.project_budget.org_billing_logs_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.org_billing_logs_alert_spent_percents
@@ -106,13 +108,14 @@ module "org_kms" {
   activate_apis            = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
-    environment       = "production"
+    environment       = "common"
     application_name  = "org-kms"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "c"
+    vpc               = "none"
   }
 
   budget_alert_pubsub_topic   = var.project_budget.org_kms_alert_pubsub_topic
@@ -139,13 +142,14 @@ module "org_secrets" {
   activate_apis            = ["logging.googleapis.com", "secretmanager.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
-    environment       = "production"
+    environment       = "common"
     application_name  = "org-secrets"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
     business_code     = "abcd"
-    env_code          = "p"
+    env_code          = "c"
+    vpc               = "none"
   }
   budget_alert_pubsub_topic   = var.project_budget.org_secrets_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.org_secrets_alert_spent_percents
@@ -164,20 +168,21 @@ module "interconnect" {
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
-  name                     = "${local.project_prefix}-c-interconnect"
+  name                     = "${local.project_prefix}-net-interconnect"
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
   activate_apis            = ["billingbudgets.googleapis.com", "compute.googleapis.com"]
 
   labels = {
-    environment       = "production"
-    application_name  = "org-interconnect"
+    environment       = "network"
+    application_name  = "org-net-interconnect"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "net"
+    vpc               = "none"
   }
   budget_alert_pubsub_topic   = var.project_budget.interconnect_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.interconnect_alert_spent_percents
@@ -203,13 +208,14 @@ module "scc_notifications" {
   activate_apis            = ["logging.googleapis.com", "pubsub.googleapis.com", "securitycenter.googleapis.com", "billingbudgets.googleapis.com", "cloudkms.googleapis.com"]
 
   labels = {
-    environment       = "production"
+    environment       = "common"
     application_name  = "org-scc"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "c"
+    vpc               = "none"
   }
   budget_alert_pubsub_topic   = var.project_budget.scc_notifications_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.scc_notifications_alert_spent_percents
@@ -228,7 +234,7 @@ module "dns_hub" {
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
-  name                     = "${local.project_prefix}-c-dns-hub"
+  name                     = "${local.project_prefix}-net-dns"
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
@@ -243,13 +249,14 @@ module "dns_hub" {
   ]
 
   labels = {
-    environment       = "production"
+    environment       = "network"
     application_name  = "org-dns-hub"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "net"
+    vpc               = "none"
   }
   budget_alert_pubsub_topic   = var.project_budget.dns_hub_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.dns_hub_alert_spent_percents
@@ -269,7 +276,7 @@ module "base_network_hub" {
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
-  name                     = "${local.project_prefix}-c-base-net-hub"
+  name                     = "${local.project_prefix}-net-hub-base"
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
@@ -284,13 +291,14 @@ module "base_network_hub" {
   ]
 
   labels = {
-    environment       = "production"
-    application_name  = "org-base-net-hub"
+    environment       = "network"
+    application_name  = "org-net-hub-base"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "net"
+    vpc               = "base"
   }
   budget_alert_pubsub_topic   = var.project_budget.base_net_hub_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.base_net_hub_alert_spent_percents
@@ -318,7 +326,7 @@ module "restricted_network_hub" {
   random_project_id        = true
   random_project_id_length = 4
   default_service_account  = "deprivilege"
-  name                     = "${local.project_prefix}-c-restricted-net-hub"
+  name                     = "${local.project_prefix}-net-hub-restricted"
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
@@ -333,13 +341,14 @@ module "restricted_network_hub" {
   ]
 
   labels = {
-    environment       = "production"
-    application_name  = "org-restricted-net-hub"
+    environment       = "network"
+    application_name  = "org-net-hub-restricted"
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
-    env_code          = "p"
+    business_code     = "shared"
+    env_code          = "net"
+    vpc               = "restricted"
   }
   budget_alert_pubsub_topic   = var.project_budget.restricted_net_hub_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.restricted_net_hub_alert_spent_percents

diff --git a/1-org/envs/shared/tags.tf b/1-org/envs/shared/tags.tf
@@ -19,7 +19,7 @@ locals {
     environment = {
       shortname   = "environment${local.key_suffix}"
       description = "Environment identification"
-      values      = ["bootstrap", "production", "non-production", "development"]
+      values      = ["bootstrap", "production", "nonproduction", "development"]
     }
 
     # Create your own Tags based on the following template.

diff --git a/1-org/envs/shared/variables.tf b/1-org/envs/shared/variables.tf
@@ -93,6 +93,7 @@ variable "log_export_storage_retention_policy" {
   default = null
 }
 
+
 variable "project_budget" {
   description = <<EOT
   Budget configuration for projects.

diff --git a/1-org/modules/centralized-logging/main.tf b/1-org/modules/centralized-logging/main.tf
@@ -83,7 +83,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 7.8"
+  version = "~> 8.0"
 
   for_each = local.log_exports
 
@@ -98,7 +98,7 @@ module "log_export" {
 
 module "log_export_billing" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 7.4"
+  version = "~> 8.0"
 
   for_each = var.enable_billing_account_sink ? local.destination_resource_name : {}
 
@@ -123,7 +123,7 @@ resource "time_sleep" "wait_sa_iam_membership" {
 
 module "destination_project" {
   source  = "terraform-google-modules/log-export/google//modules/project"
-  version = "~> 7.8"
+  version = "~> 8.0"
   count   = var.project_options != null ? 1 : 0
 
   project_id               = var.logging_destination_project_id
@@ -151,7 +151,7 @@ resource "google_project_iam_member" "project_sink_member" {
 
 module "internal_project_log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 7.8"
+  version = "~> 8.0"
   count   = var.project_options != null ? 1 : 0
 
   destination_uri        = "logging.googleapis.com/projects/${var.logging_destination_project_id}/locations/${var.project_options.location}/buckets/${coalesce(var.project_options.log_bucket_id, "AggregatedLogs")}"
@@ -164,7 +164,7 @@ module "internal_project_log_export" {
 
 module "destination_aggregated_logs" {
   source  = "terraform-google-modules/log-export/google//modules/logbucket"
-  version = "~> 7.8"
+  version = "~> 8.0"
   count   = var.project_options != null ? 1 : 0
 
   project_id                    = var.logging_destination_project_id
@@ -238,7 +238,7 @@ resource "google_project_iam_member" "project_sink_member_billing" {
 #----------------------#
 module "destination_storage" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 7.8"
+  version = "~> 8.0"
 
   count = var.storage_options != null ? 1 : 0
 
@@ -289,7 +289,7 @@ resource "google_storage_bucket_iam_member" "storage_sink_member_billing" {
 #----------------------#
 module "destination_pubsub" {
   source  = "terraform-google-modules/log-export/google//modules/pubsub"
-  version = "~> 7.8"
+  version = "~> 8.0"
 
   count = var.pubsub_options != null ? 1 : 0
 

diff --git a/1-org/modules/network/main.tf b/1-org/modules/network/main.tf
@@ -45,8 +45,9 @@ module "base_shared_vpc_host_project" {
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
+    business_code     = "shared"
     env_code          = var.env_code
+    vpc               = "base"
   }
   budget_alert_pubsub_topic   = var.project_budget.base_network_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.base_network_alert_spent_percents
@@ -82,8 +83,9 @@ module "restricted_shared_vpc_host_project" {
     billing_code      = "1234"
     primary_contact   = "example1"
     secondary_contact = "example2"
-    business_code     = "abcd"
+    business_code     = "shared"
     env_code          = var.env_code
+    vpc               = "restricted"
   }
   budget_alert_pubsub_topic   = var.project_budget.restricted_network_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.restricted_network_alert_spent_percents