#387 - 4-p finished - tef 20240511
obriensystems committed May 12, 2024
1 parent 9e2270e commit 38bc820
Showing 14 changed files with 34 additions and 34 deletions.
38 changes: 19 additions & 19 deletions 4-projects/README.md
Expand Up @@ -21,7 +21,7 @@ organizational policy.</td>
</tr>
<tr>
<td><a href="../2-environments"><span style="white-space: nowrap;">2-environments</span></a></td>
<td>Sets up development, non-production, and production environments within the
<td>Sets up development, nonproduction, and production environments within the
Google Cloud organization that you've created.</td>
</tr>
<tr>
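Review bot: the relabelling from `non-production` to `nonproduction` in this table is only safe if the same spelling is used everywhere the value is load-bearing, not just in prose: branch names, `*.auto.tfvars` filenames, backend state prefixes, workspace names and the `env` value passed to `base_env`. A leftover `non-production` anywhere would route a push to a branch with no apply trigger or point a root at an empty state prefix, so a repo-wide search for the old spelling before merging is worth doing.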
Expand Down Expand Up @@ -62,7 +62,7 @@ For each business unit, a shared `infra-pipeline` project is created along with
This step follows the same [conventions](https://github.com/terraform-google-modules/terraform-example-foundation#branching-strategy) as the Foundation pipeline deployed in [0-bootstrap](https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/README.md).
A custom [workspace](https://github.com/terraform-google-modules/terraform-google-bootstrap/blob/master/modules/tf_cloudbuild_workspace/README.md) (`bu1-example-app`) is created by this pipeline and necessary roles are granted to the Terraform Service Account of this workspace by enabling variable `sa_roles` as shown in this [example](https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/4-projects/modules/base_env/example_base_shared_vpc_project.tf).

This pipeline is utilized to deploy resources in projects across development/non-production/production in step [5-app-infra](../5-app-infra/README.md).
This pipeline is utilized to deploy resources in projects across development/nonproduction/production in step [5-app-infra](../5-app-infra/README.md).
Other Workspaces can also be created to isolate deployments if needed.

## Prerequisites
Expand Down Expand Up @@ -118,11 +118,11 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
mv common.auto.example.tfvars common.auto.tfvars
mv shared.auto.example.tfvars shared.auto.tfvars
mv development.auto.example.tfvars development.auto.tfvars
mv non-production.auto.example.tfvars non-production.auto.tfvars
mv nonproduction.auto.example.tfvars nonproduction.auto.tfvars
mv production.auto.example.tfvars production.auto.tfvars
```

1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `nonproduction.auto.tfvars`, and `production.auto.tfvars` files.
1. See any of the shared folder [README.md](./business_unit_1/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.

1. Use `terraform output` to get the backend bucket value from 0-bootstrap output.
Expand All @@ -141,7 +141,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
git commit -m 'Initialize projects repo'
```

1. You need to manually plan and apply only once the `business_unit_1/shared` and `business_unit_2/shared` environments since `development`, `non-production`, and `production` depend on them.
1. You need to manually plan and apply only once the `business_unit_1/shared` and `business_unit_2/shared` environments since `development`, `nonproduction`, and `production` depend on them.
1. To use the `validate` option of the `tf-wrapper.sh` script, please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component.
1. Use `terraform output` to get the Cloud Build project ID and the projects step Terraform Service Account from 0-bootstrap output. An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set using the Terraform Service Account to enable impersonation.

Expand Down Expand Up @@ -197,13 +197,13 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
git push origin development
```

1. After development has been applied, apply non-production.
1. Merge changes to non-production. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
1. After development has been applied, apply nonproduction.
1. Merge changes to nonproduction. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
pushing to this branch triggers both _terraform plan_ and _terraform apply_. Review the apply output in your Cloud Build project. https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID

```bash
git checkout -b non-production
git push origin non-production
git checkout -b nonproduction
git push origin nonproduction
```

1. Before executing the next step, unset the `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` environment variable.
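Review bot: because this named branch triggers _terraform apply_ on push, the protection rules (required review, restricted pushers) that applied to `non-production` must be recreated for `nonproduction` before the new branch is pushed; the step as written has the operator create and push the branch with no mention of that, so the first push after the rename can apply without review. The now-unreferenced `non-production` branch should also be deleted so nobody keeps pushing to a branch that silently no longer deploys.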
Expand Down Expand Up @@ -238,11 +238,11 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s
mv common.auto.example.tfvars common.auto.tfvars
mv shared.auto.example.tfvars shared.auto.tfvars
mv development.auto.example.tfvars development.auto.tfvars
mv non-production.auto.example.tfvars non-production.auto.tfvars
mv nonproduction.auto.example.tfvars nonproduction.auto.tfvars
mv production.auto.example.tfvars production.auto.tfvars
```

1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `nonproduction.auto.tfvars`, and `production.auto.tfvars` files.
See any of the shared folder [README.md](./business_unit_1/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
Use `terraform output` to get the remote state bucket (the backend bucket used by previous steps) value from `0-bootstrap` output.

Expand All @@ -253,8 +253,8 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s
sed -i'' -e "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars
```

We will now deploy each of our environments(development/production/non-production) using the `tf-wrapper.sh` script.
When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 4-projects step and only the corresponding environment is applied. Environment shared must be applied first because development, non-production, and production depend on it.
We will now deploy each of our environments(development/production/nonproduction) using the `tf-wrapper.sh` script.
When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 4-projects step and only the corresponding environment is applied. Environment shared must be applied first because development, nonproduction, and production depend on it.

To use the `validate` option of the `tf-wrapper.sh` script, please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component.

Expand Down Expand Up @@ -306,23 +306,23 @@ To use the `validate` option of the `tf-wrapper.sh` script, please follow the [i
./tf-wrapper.sh apply production
```

1. Run `init` and `plan` and review output for environment non-production.
1. Run `init` and `plan` and review output for environment nonproduction.

```bash
./tf-wrapper.sh init non-production
./tf-wrapper.sh plan non-production
./tf-wrapper.sh init nonproduction
./tf-wrapper.sh plan nonproduction
```

1. Run `validate` and check for violations.

```bash
./tf-wrapper.sh validate non-production $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
./tf-wrapper.sh validate nonproduction $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
```

1. Run `apply` non-production.
1. Run `apply` nonproduction.

```bash
./tf-wrapper.sh apply non-production
./tf-wrapper.sh apply nonproduction
```

1. Run `init` and `plan` and review output for environment development.
2 changes: 1 addition & 1 deletion 4-projects/business_unit_1/nonproduction/backend.tf
Expand Up @@ -17,6 +17,6 @@
terraform {
backend "gcs" {
bucket = "UPDATE_PROJECTS_BACKEND"
prefix = "terraform/projects/business_unit_1/non-production"
prefix = "terraform/projects/business_unit_1/nonproduction"
}
}
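Review bot: changing the `prefix` from `terraform/projects/business_unit_1/non-production` to `.../nonproduction` moves the backend to a location that holds no state. For a fresh deployment that is fine, but for any existing environment `terraform init` will start from empty state and `plan` will propose creating every project again, leaving the originals unmanaged. The PR should state that this is a fresh-deployment-only change, or document migrating the state object to the new prefix (for example `terraform init -migrate-state` after updating the block) before the new branch is pushed.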
Expand Up @@ -17,7 +17,7 @@
terraform {
cloud {
workspaces {
name = "4-bu1-non-production"
name = "4-bu1-nonproduction"
}
}
}
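Review bot: renaming the Terraform Cloud workspace from `4-bu1-non-production` to `4-bu1-nonproduction` has the same effect as changing a state prefix: the new workspace must already exist with the same variables, variable sets and team access as the old one, otherwise the run either fails or executes with different credentials than the old workspace had. If the old workspace holds state, rename it in Terraform Cloud rather than creating a new one so history and state are preserved.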
2 changes: 1 addition & 1 deletion 4-projects/business_unit_1/nonproduction/main.tf
Expand Up @@ -17,7 +17,7 @@
module "env" {
source = "../../modules/base_env"

env = "non-production"
env = "nonproduction"
business_code = "bu1"
business_unit = "business_unit_1"
remote_state_bucket = var.remote_state_bucket
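Review bot: `env = "nonproduction"` is passed into `base_env`, which derives `local.env_code`, project names and labels from it; if the module still maps environment names with a lookup keyed on `"non-production"`, this value will produce a null or an error at plan time. The `base_env` lookup table is not among the files in this change, so please confirm it already accepts `nonproduction`.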
2 changes: 1 addition & 1 deletion 4-projects/business_unit_2/nonproduction/backend.tf
Expand Up @@ -17,6 +17,6 @@
terraform {
backend "gcs" {
bucket = "UPDATE_PROJECTS_BACKEND"
prefix = "terraform/projects/business_unit_2/non-production"
prefix = "terraform/projects/business_unit_2/nonproduction"
}
}
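Review bot: the `business_unit_2` backend prefix change has the same consequence as the `business_unit_1` one: existing state under `terraform/projects/business_unit_2/non-production` is no longer read, so an in-place upgrade would plan to recreate every project while the old ones stay orphaned. Either mark the change fresh-deployment-only or include the state migration step.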
Expand Up @@ -17,7 +17,7 @@
terraform {
cloud {
workspaces {
name = "4-bu2-non-production"
name = "4-bu2-nonproduction"
}
}
}
2 changes: 1 addition & 1 deletion 4-projects/business_unit_2/nonproduction/main.tf
Expand Up @@ -17,7 +17,7 @@
module "env" {
source = "../../modules/base_env"

env = "non-production"
env = "nonproduction"
business_code = "bu2"
business_unit = "business_unit_2"
remote_state_bucket = var.remote_state_bucket
2 changes: 1 addition & 1 deletion 4-projects/modules/base_env/README.md
Expand Up @@ -12,7 +12,7 @@
| key\_name | Name to be used for KMS Key | `string` | `"crypto-key-example"` | no |
| key\_rotation\_period | Rotation period in seconds to be used for KMS Key | `string` | `"7776000s"` | no |
| keyring\_name | Name to be used for KMS Keyring | `string` | `"sample-keyring"` | no |
| kms\_prj\_suffix | Name suffix to use for KMS project created. | `string` | `"env-kms"` | no |
| kms\_prj\_suffix | Name suffix to use for KMS project created. | `string` | `"kms"` | no |
| location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `"US"` | no |
| location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `"us"` | no |
| optional\_fw\_rules\_enabled | Toggle creation of optional firewall rules: Internal & Global load balancing health check and load balancing IP ranges. | `bool` | `false` | no |
Expand Up @@ -21,7 +21,7 @@ module "base_shared_vpc_project" {
billing_account = local.billing_account
folder_id = google_folder.env_business_unit.name
environment = var.env
vpc_type = "base"
vpc = "base"
shared_vpc_host_project_id = local.base_host_project_id
shared_vpc_subnets = local.base_subnets_self_links
project_budget = var.project_budget
Expand Up @@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" {
billing_account = local.billing_account
folder_id = google_folder.env_business_unit.name
environment = var.env
vpc_type = "restricted"
vpc = "restricted"
shared_vpc_host_project_id = local.restricted_host_project_id
shared_vpc_subnets = local.restricted_subnets_self_links
project_budget = var.project_budget
2 changes: 1 addition & 1 deletion 4-projects/modules/base_env/variables.tf
Expand Up @@ -91,7 +91,7 @@ variable "project_budget" {
variable "kms_prj_suffix" {
description = "Name suffix to use for KMS project created."
type = string
default = "env-kms"
default = "kms"
}

variable "location_kms" {
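Review bot: changing the default of `kms_prj_suffix` from `"env-kms"` to `"kms"` changes the name, and therefore the generated project ID, of the per-environment KMS project for every caller that relies on the default. On an existing deployment Terraform will replace that project, and a replaced KMS project takes its keyring and keys with it: key material cannot be moved between projects, and anything encrypted under those keys (the GCS bucket this module pairs with the keyring, per the `location_gcs` description) becomes unreadable once the old project is deleted. Call this out in the commit message and, for upgrades, have callers pin `kms_prj_suffix = "env-kms"` explicitly.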
2 changes: 1 addition & 1 deletion 4-projects/modules/infra_pipelines/main.tf
Expand Up @@ -84,7 +84,7 @@ module "tf_workspace" {
"_DOCKER_TAG_VERSION_TERRAFORM" = var.terraform_docker_tag_version
}

tf_apply_branches = ["development", "non\\-production", "production"]
tf_apply_branches = ["development", "nonproduction", "production"]

depends_on = [
google_sourcerepo_repository.app_infra_repo,
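Review bot: `tf_apply_branches` is the list that decides which branches are allowed to run `terraform apply` unattended, so this is the security-relevant line of the commit. The old entry `non\\-production` was regex-escaped, which shows the values are used as a branch regex; `nonproduction` needs no escaping, but note that an unanchored `nonproduction` would also match branches such as `nonproduction-test` if the workspace module does not anchor the pattern. Also confirm the Cloud Build trigger that consumes this list is updated in place rather than leaving a trigger with the stale `non-production` filter alongside the new one.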
4 changes: 2 additions & 2 deletions 4-projects/modules/single_project/README.md
Expand Up @@ -8,7 +8,7 @@
| application\_name | The name of application where GCP resources relate | `string` | n/a | yes |
| billing\_account | The ID of the billing account to associated this project with | `string` | n/a | yes |
| billing\_code | The code that's used to provide chargeback information | `string` | n/a | yes |
| business\_code | The code that describes which business unit owns the project | `string` | `"abcd"` | no |
| business\_code | The code that describes which business unit owns the project | `string` | `"shared"` | no |
| enable\_cloudbuild\_deploy | Enable infra deployment using Cloud Build | `bool` | `false` | no |
| environment | The environment the single project belongs to | `string` | n/a | yes |
| folder\_id | The folder id where project will be created | `string` | n/a | yes |
Expand All @@ -21,10 +21,10 @@
| secondary\_contact | The secondary email contact for the project | `string` | `""` | no |
| shared\_vpc\_host\_project\_id | Shared VPC host project ID | `string` | `""` | no |
| shared\_vpc\_subnets | List of the shared vpc subnets self links. | `list(string)` | `[]` | no |
| vpc | The type of VPC to attach the project to. Possible options are none, base or restricted. | `string` | `"none"` | no |
| vpc\_service\_control\_attach\_enabled | Whether the project will be attached to a VPC Service Control Perimeter | `bool` | `false` | no |
| vpc\_service\_control\_perimeter\_name | The name of a VPC Service Control Perimeter to add the created project to | `string` | `null` | no |
| vpc\_service\_control\_sleep\_duration | The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter | `string` | `"5s"` | no |
| vpc\_type | The type of VPC to attach the project to. Possible options are base or restricted. | `string` | `null` | no |

## Outputs

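Review bot: two defaults in this table deserve a second look. `business_code` now defaults to `"shared"`, and that value feeds the project name and chargeback labels, so a caller that forgets to set it silently gets a project attributed to the shared unit instead of failing; a required variable with no default would surface the omission. The new `vpc` row defaults to `"none"` with options `none`, `base` or `restricted`, replacing `vpc_type` (default `null`), which is a sensible tightening, but the accompanying `variables.tf` for `single_project` is not in this change set, so the `validation` block the table implies should be confirmed to exist.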
4 changes: 2 additions & 2 deletions 4-projects/modules/single_project/main.tf
Expand Up @@ -51,7 +51,7 @@ module "project" {
random_project_id = true
random_project_id_length = 4
activate_apis = distinct(concat(var.activate_apis, ["billingbudgets.googleapis.com"]))
name = "${var.project_prefix}-${local.env_code}-${var.business_code}${var.project_suffix}"
name = "${var.project_prefix}-${local.env_code}-${var.business_code}-${var.project_suffix}"
org_id = var.org_id
billing_account = var.billing_account
folder_id = var.folder_id
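Review bot: inserting the hyphen before `${var.project_suffix}` changes the project `name`, and with `random_project_id = true` the project ID is derived from it, so every project created by this module will be replaced on an existing deployment; that is a destructive change and should be stated as fresh-deployment-only. Separately, if `project_suffix` is ever empty the name now ends in a trailing hyphen, which is not a valid project ID, so either make `project_suffix` required or guard the concatenation.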
Expand All @@ -71,7 +71,7 @@ module "project" {
secondary_contact = element(split("@", var.secondary_contact), 0)
business_code = var.business_code
env_code = local.env_code
vpc_type = var.vpc_type
vpc = var.vpc
}
budget_alert_pubsub_topic = var.project_budget.alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.alert_spent_percents
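Review bot: `vpc = var.vpc` references a variable that is not declared in any file of this 14-file change, so either `single_project/variables.tf` already declares `vpc` (in which case the README and this call site were simply out of sync) or this hunk breaks `terraform validate`; please confirm which. The label key also changes from `vpc_type` to `vpc`, which will break any log sink filter, org policy condition or billing export query that selects projects by the old label, so mention the rename in the upgrade notes.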