diff --git a/4-projects/README.md b/4-projects/README.md
index ffe92a73..4ff5b54e 100644
--- a/4-projects/README.md
+++ b/4-projects/README.md
@@ -21,7 +21,7 @@ organizational policy.
2-environments |
-Sets up development, non-production, and production environments within the
+ | Sets up development, nonproduction, and production environments within the
Google Cloud organization that you've created. |
@@ -62,7 +62,7 @@ For each business unit, a shared `infra-pipeline` project is created along with
This step follows the same [conventions](https://github.com/terraform-google-modules/terraform-example-foundation#branching-strategy) as the Foundation pipeline deployed in [0-bootstrap](https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/README.md).
A custom [workspace](https://github.com/terraform-google-modules/terraform-google-bootstrap/blob/master/modules/tf_cloudbuild_workspace/README.md) (`bu1-example-app`) is created by this pipeline and necessary roles are granted to the Terraform Service Account of this workspace by enabling variable `sa_roles` as shown in this [example](https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/4-projects/modules/base_env/example_base_shared_vpc_project.tf).
-This pipeline is utilized to deploy resources in projects across development/non-production/production in step [5-app-infra](../5-app-infra/README.md).
+This pipeline is utilized to deploy resources in projects across development/nonproduction/production in step [5-app-infra](../5-app-infra/README.md).
Other Workspaces can also be created to isolate deployments if needed.
## Prerequisites
@@ -118,11 +118,11 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
mv common.auto.example.tfvars common.auto.tfvars
mv shared.auto.example.tfvars shared.auto.tfvars
mv development.auto.example.tfvars development.auto.tfvars
- mv non-production.auto.example.tfvars non-production.auto.tfvars
+ mv nonproduction.auto.example.tfvars nonproduction.auto.tfvars
mv production.auto.example.tfvars production.auto.tfvars
```
-1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
+1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `nonproduction.auto.tfvars`, and `production.auto.tfvars` files.
1. See any of the shared folder [README.md](./business_unit_1/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
1. Use `terraform output` to get the backend bucket value from 0-bootstrap output.
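Review bot: the `mv nonproduction.auto.example.tfvars nonproduction.auto.tfvars` step only works if the example file itself has been renamed, and no rename of `non-production.auto.example.tfvars` is visible in this diff. Confirm the file exists under the new name in every folder these instructions are run from, otherwise the step fails for anyone following the README.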
@@ -141,7 +141,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
git commit -m 'Initialize projects repo'
```
-1. You need to manually plan and apply only once the `business_unit_1/shared` and `business_unit_2/shared` environments since `development`, `non-production`, and `production` depend on them.
+1. You need to manually plan and apply only once the `business_unit_1/shared` and `business_unit_2/shared` environments since `development`, `nonproduction`, and `production` depend on them.
1. To use the `validate` option of the `tf-wrapper.sh` script, please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component.
1. Use `terraform output` to get the Cloud Build project ID and the projects step Terraform Service Account from 0-bootstrap output. An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set using the Terraform Service Account to enable impersonation.
@@ -197,13 +197,13 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
git push origin development
```
-1. After development has been applied, apply non-production.
-1. Merge changes to non-production. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
+1. After development has been applied, apply nonproduction.
+1. Merge changes to nonproduction. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
pushing to this branch triggers both _terraform plan_ and _terraform apply_. Review the apply output in your Cloud Build project. https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID
```bash
- git checkout -b non-production
- git push origin non-production
+ git checkout -b nonproduction
+ git push origin nonproduction
```
1. Before executing the next step, unset the `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` environment variable.
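Review bot: the branch steps now create and push `nonproduction`, but nothing tells users who already have a `non-production` branch what to do with it. Add an upgrade note saying whether the old branch must be renamed and whether pushes to it still trigger plan and apply.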
@@ -238,11 +238,11 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s
mv common.auto.example.tfvars common.auto.tfvars
mv shared.auto.example.tfvars shared.auto.tfvars
mv development.auto.example.tfvars development.auto.tfvars
- mv non-production.auto.example.tfvars non-production.auto.tfvars
+ mv nonproduction.auto.example.tfvars nonproduction.auto.tfvars
mv production.auto.example.tfvars production.auto.tfvars
```
-1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
+1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `nonproduction.auto.tfvars`, and `production.auto.tfvars` files.
See any of the shared folder [README.md](./business_unit_1/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
Use `terraform output` to get the remote state bucket (the backend bucket used by previous steps) value from `0-bootstrap` output.
@@ -253,8 +253,8 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s
sed -i'' -e "s/REMOTE_STATE_BUCKET/${remote_state_bucket}/" ./common.auto.tfvars
```
-We will now deploy each of our environments(development/production/non-production) using the `tf-wrapper.sh` script.
-When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 4-projects step and only the corresponding environment is applied. Environment shared must be applied first because development, non-production, and production depend on it.
+We will now deploy each of our environments(development/production/nonproduction) using the `tf-wrapper.sh` script.
+When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch is the repository for 4-projects step and only the corresponding environment is applied. Environment shared must be applied first because development, nonproduction, and production depend on it.
To use the `validate` option of the `tf-wrapper.sh` script, please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component.
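Review bot: the two rewritten lines carry over existing wording errors that are cheap to fix while they are being touched: `environments(development/production/nonproduction)` is missing a space before the parenthesis, and "corresponds to a branch is the repository" should read "a branch in the repository". The first line also lists the environments in a different order from the sentence that follows it; using development, nonproduction, production in both avoids implying a different apply order.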
@@ -306,23 +306,23 @@ To use the `validate` option of the `tf-wrapper.sh` script, please follow the [i
./tf-wrapper.sh apply production
```
-1. Run `init` and `plan` and review output for environment non-production.
+1. Run `init` and `plan` and review output for environment nonproduction.
```bash
- ./tf-wrapper.sh init non-production
- ./tf-wrapper.sh plan non-production
+ ./tf-wrapper.sh init nonproduction
+ ./tf-wrapper.sh plan nonproduction
```
1. Run `validate` and check for violations.
```bash
- ./tf-wrapper.sh validate non-production $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
+ ./tf-wrapper.sh validate nonproduction $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
```
-1. Run `apply` non-production.
+1. Run `apply` nonproduction.
```bash
- ./tf-wrapper.sh apply non-production
+ ./tf-wrapper.sh apply nonproduction
```
1. Run `init` and `plan` and review output for environment development.
diff --git a/4-projects/business_unit_1/nonproduction/backend.tf b/4-projects/business_unit_1/nonproduction/backend.tf
index 34a8a6e5..7ab917fd 100644
--- a/4-projects/business_unit_1/nonproduction/backend.tf
+++ b/4-projects/business_unit_1/nonproduction/backend.tf
@@ -17,6 +17,6 @@
terraform {
backend "gcs" {
bucket = "UPDATE_PROJECTS_BACKEND"
- prefix = "terraform/projects/business_unit_1/non-production"
+ prefix = "terraform/projects/business_unit_1/nonproduction"
}
}
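Review bot: changing `prefix` to `terraform/projects/business_unit_1/nonproduction` points an existing deployment at an empty state path, so the next plan would treat every resource in this environment as new while the real state stays under the old prefix. The change needs a documented migration step (move the state objects to the new prefix, or re-run init with state migration) before anyone applies it to an environment that already exists.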
diff --git a/4-projects/business_unit_1/nonproduction/backend.tf.cloud.example b/4-projects/business_unit_1/nonproduction/backend.tf.cloud.example
index d9c7fc92..372b0799 100644
--- a/4-projects/business_unit_1/nonproduction/backend.tf.cloud.example
+++ b/4-projects/business_unit_1/nonproduction/backend.tf.cloud.example
@@ -17,7 +17,7 @@
terraform {
cloud {
workspaces {
- name = "4-bu1-non-production"
+ name = "4-bu1-nonproduction"
}
}
}
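Review bot: the workspace name `4-bu1-nonproduction` will not match an existing workspace called `4-bu1-non-production`, so a user who copies this example over their backend configuration starts from a new, empty workspace. State in the upgrade notes that the existing workspace has to be renamed before switching to this file.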
diff --git a/4-projects/business_unit_1/nonproduction/main.tf b/4-projects/business_unit_1/nonproduction/main.tf
index e2eb3680..b48e1594 100644
--- a/4-projects/business_unit_1/nonproduction/main.tf
+++ b/4-projects/business_unit_1/nonproduction/main.tf
@@ -17,7 +17,7 @@
module "env" {
source = "../../modules/base_env"
- env = "non-production"
+ env = "nonproduction"
business_code = "bu1"
business_unit = "business_unit_1"
remote_state_bucket = var.remote_state_bucket
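Review bot: `env = "nonproduction"` changes a value that is used downstream (the base_env examples pass `var.env` on as `environment`, and single_project uses `local.env_code` in the project name), so any lookup keyed on the literal `non-production` needs the same update. The diff shows no such lookup being changed; please confirm the env-code mapping and any remote-state or folder lookups accept the new string.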
diff --git a/4-projects/business_unit_2/nonproduction/backend.tf b/4-projects/business_unit_2/nonproduction/backend.tf
index d974c9f1..8d75824f 100644
--- a/4-projects/business_unit_2/nonproduction/backend.tf
+++ b/4-projects/business_unit_2/nonproduction/backend.tf
@@ -17,6 +17,6 @@
terraform {
backend "gcs" {
bucket = "UPDATE_PROJECTS_BACKEND"
- prefix = "terraform/projects/business_unit_2/non-production"
+ prefix = "terraform/projects/business_unit_2/nonproduction"
}
}
diff --git a/4-projects/business_unit_2/nonproduction/backend.tf.cloud.example b/4-projects/business_unit_2/nonproduction/backend.tf.cloud.example
index d102782c..f6921e66 100644
--- a/4-projects/business_unit_2/nonproduction/backend.tf.cloud.example
+++ b/4-projects/business_unit_2/nonproduction/backend.tf.cloud.example
@@ -17,7 +17,7 @@
terraform {
cloud {
workspaces {
- name = "4-bu2-non-production"
+ name = "4-bu2-nonproduction"
}
}
}
diff --git a/4-projects/business_unit_2/nonproduction/main.tf b/4-projects/business_unit_2/nonproduction/main.tf
index 36284bcc..ab157006 100644
--- a/4-projects/business_unit_2/nonproduction/main.tf
+++ b/4-projects/business_unit_2/nonproduction/main.tf
@@ -17,7 +17,7 @@
module "env" {
source = "../../modules/base_env"
- env = "non-production"
+ env = "nonproduction"
business_code = "bu2"
business_unit = "business_unit_2"
remote_state_bucket = var.remote_state_bucket
diff --git a/4-projects/modules/base_env/README.md b/4-projects/modules/base_env/README.md
index f072bf16..c0d40492 100644
--- a/4-projects/modules/base_env/README.md
+++ b/4-projects/modules/base_env/README.md
@@ -12,7 +12,7 @@
| key\_name | Name to be used for KMS Key | `string` | `"crypto-key-example"` | no |
| key\_rotation\_period | Rotation period in seconds to be used for KMS Key | `string` | `"7776000s"` | no |
| keyring\_name | Name to be used for KMS Keyring | `string` | `"sample-keyring"` | no |
-| kms\_prj\_suffix | Name suffix to use for KMS project created. | `string` | `"env-kms"` | no |
+| kms\_prj\_suffix | Name suffix to use for KMS project created. | `string` | `"kms"` | no |
| location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `"US"` | no |
| location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `"us"` | no |
| optional\_fw\_rules\_enabled | Toggle creation of optional firewall rules: Internal & Global load balancing health check and load balancing IP ranges. | `bool` | `false` | no |
diff --git a/4-projects/modules/base_env/example_base_shared_vpc_project.tf b/4-projects/modules/base_env/example_base_shared_vpc_project.tf
index 552ad2bd..2b7c5e7b 100644
--- a/4-projects/modules/base_env/example_base_shared_vpc_project.tf
+++ b/4-projects/modules/base_env/example_base_shared_vpc_project.tf
@@ -21,7 +21,7 @@ module "base_shared_vpc_project" {
billing_account = local.billing_account
folder_id = google_folder.env_business_unit.name
environment = var.env
- vpc_type = "base"
+ vpc = "base"
shared_vpc_host_project_id = local.base_host_project_id
shared_vpc_subnets = local.base_subnets_self_links
project_budget = var.project_budget
diff --git a/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf b/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf
index b3ca78da..13180b18 100644
--- a/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf
+++ b/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf
@@ -21,7 +21,7 @@ module "restricted_shared_vpc_project" {
billing_account = local.billing_account
folder_id = google_folder.env_business_unit.name
environment = var.env
- vpc_type = "restricted"
+ vpc = "restricted"
shared_vpc_host_project_id = local.restricted_host_project_id
shared_vpc_subnets = local.restricted_subnets_self_links
project_budget = var.project_budget
diff --git a/4-projects/modules/base_env/variables.tf b/4-projects/modules/base_env/variables.tf
index a1205c4d..25412be4 100644
--- a/4-projects/modules/base_env/variables.tf
+++ b/4-projects/modules/base_env/variables.tf
@@ -91,7 +91,7 @@ variable "project_budget" {
variable "kms_prj_suffix" {
description = "Name suffix to use for KMS project created."
type = string
- default = "env-kms"
+ default = "kms"
}
variable "location_kms" {
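Review bot: the `kms_prj_suffix` default drops from `"env-kms"` to `"kms"`, which changes the name of the KMS project for any deployment that relied on the default. Call this out as a breaking change, and say in the description how the suffix is combined into the project name so a caller who overrides it knows whether to include a separator.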
diff --git a/4-projects/modules/infra_pipelines/main.tf b/4-projects/modules/infra_pipelines/main.tf
index 0b7b396b..68ffeb47 100644
--- a/4-projects/modules/infra_pipelines/main.tf
+++ b/4-projects/modules/infra_pipelines/main.tf
@@ -84,7 +84,7 @@ module "tf_workspace" {
"_DOCKER_TAG_VERSION_TERRAFORM" = var.terraform_docker_tag_version
}
- tf_apply_branches = ["development", "non\\-production", "production"]
+ tf_apply_branches = ["development", "nonproduction", "production"]
depends_on = [
google_sourcerepo_repository.app_infra_repo,
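Review bot: the old entry `"non\\-production"` escaped the hyphen, which suggests these strings are consumed as patterns rather than literal branch names. With `"nonproduction"` in the list, confirm the consumer anchors each pattern, because `production` is a substring of `nonproduction` and an unanchored match would let a push to one branch satisfy the other's apply trigger. Repositories that still push to `non-production` will also stop matching this list, which belongs in the upgrade notes.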
diff --git a/4-projects/modules/single_project/README.md b/4-projects/modules/single_project/README.md
index 92e8d82b..622df0e3 100644
--- a/4-projects/modules/single_project/README.md
+++ b/4-projects/modules/single_project/README.md
@@ -8,7 +8,7 @@
| application\_name | The name of application where GCP resources relate | `string` | n/a | yes |
| billing\_account | The ID of the billing account to associated this project with | `string` | n/a | yes |
| billing\_code | The code that's used to provide chargeback information | `string` | n/a | yes |
-| business\_code | The code that describes which business unit owns the project | `string` | `"abcd"` | no |
+| business\_code | The code that describes which business unit owns the project | `string` | `"shared"` | no |
| enable\_cloudbuild\_deploy | Enable infra deployment using Cloud Build | `bool` | `false` | no |
| environment | The environment the single project belongs to | `string` | n/a | yes |
| folder\_id | The folder id where project will be created | `string` | n/a | yes |
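Review bot: giving `business_code` a default of `"shared"` means a caller that forgets to set it silently gets a project attributed to "shared" instead of an error, and the value feeds both the project name and the `business_code` entry set in main.tf. Consider making the input required, or at least explain in the description when `"shared"` is the intended value.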
@@ -21,10 +21,10 @@
| secondary\_contact | The secondary email contact for the project | `string` | `""` | no |
| shared\_vpc\_host\_project\_id | Shared VPC host project ID | `string` | `""` | no |
| shared\_vpc\_subnets | List of the shared vpc subnets self links. | `list(string)` | `[]` | no |
+| vpc | The type of VPC to attach the project to. Possible options are none, base or restricted. | `string` | `"none"` | no |
| vpc\_service\_control\_attach\_enabled | Whether the project will be attached to a VPC Service Control Perimeter | `bool` | `false` | no |
| vpc\_service\_control\_perimeter\_name | The name of a VPC Service Control Perimeter to add the created project to | `string` | `null` | no |
| vpc\_service\_control\_sleep\_duration | The duration to sleep in seconds before adding the project to a shared VPC after the project is added to the VPC Service Control Perimeter | `string` | `"5s"` | no |
-| vpc\_type | The type of VPC to attach the project to. Possible options are base or restricted. | `string` | `null` | no |
## Outputs
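Review bot: the new `vpc` row lists none, base or restricted as the possible options, but the input is also renamed from `vpc_type` and its default moves from `null` to `"none"`, so existing callers break and unattached projects now carry an explicit value. The variable definition is not part of the visible diff; please add a `validation` block that rejects anything other than the three documented values, since this input selects the network a project is attached to.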
diff --git a/4-projects/modules/single_project/main.tf b/4-projects/modules/single_project/main.tf
index 765f69c1..fc8b53ff 100644
--- a/4-projects/modules/single_project/main.tf
+++ b/4-projects/modules/single_project/main.tf
@@ -51,7 +51,7 @@ module "project" {
random_project_id = true
random_project_id_length = 4
activate_apis = distinct(concat(var.activate_apis, ["billingbudgets.googleapis.com"]))
- name = "${var.project_prefix}-${local.env_code}-${var.business_code}${var.project_suffix}"
+ name = "${var.project_prefix}-${local.env_code}-${var.business_code}-${var.project_suffix}"
org_id = var.org_id
billing_account = var.billing_account
folder_id = var.folder_id
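Review bot: the added `-` before `${var.project_suffix}` produces a doubled hyphen for any caller that still passes a suffix beginning with `-`, and a trailing hyphen when the suffix is empty. No caller's `project_suffix` is updated in the visible diff; confirm they were all changed in the same commit, and consider a validation on `project_suffix` that rejects a leading hyphen or an empty string. The resulting rename of existing projects is also worth a line in the upgrade notes.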
@@ -71,7 +71,7 @@ module "project" {
secondary_contact = element(split("@", var.secondary_contact), 0)
business_code = var.business_code
env_code = local.env_code
- vpc_type = var.vpc_type
+ vpc = var.vpc
}
budget_alert_pubsub_topic = var.project_budget.alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.alert_spent_percents
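Review bot: renaming the key from `vpc_type` to `vpc` in this map changes metadata on every project the module manages, so anything that selects projects by the old `vpc_type` key (inventory filters, policy constraints, billing exports) stops matching. List the key rename in the upgrade notes, and mention that with the new default, projects without a Shared VPC attachment will carry the value `none` where the old default was `null`.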