#387 - sync - 3-n-d-s - tef 20240511

3-networks-dual-svpc/README.md

@@ -21,7 +21,7 @@ organizational policy.</td>
 </tr>
 <tr>
 <td><a href="../2-environments"><span style="white-space: nowrap;">2-environments</span></a></td>
-<td>Sets up development, non-production, and production environments within the
+<td>Sets up development, nonproduction, and production environments within the
 Google Cloud organization that you've created.</td>
 </tr>
 <tr>
@@ -198,7 +198,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
    git commit -m 'Initialize networks repo'
    ```
 
-1. You must manually plan and apply the `shared` environment (only once) since the `development`, `non-production` and `production` environments depend on it.
+1. You must manually plan and apply the `shared` environment (only once) since the `development`, `nonproduction` and `production` environments depend on it.
 1. To use the `validate` option of the `tf-wrapper.sh` script, please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component.
 1. Use `terraform output` to get the Cloud Build project ID and the networks step Terraform Service Account from 0-bootstrap output. An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set using the Terraform Service Account to enable impersonation.
 
@@ -254,13 +254,13 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
    git push origin development
    ```
 
-1. After development has been applied, apply non-production.
-1. Merge changes to non-production. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
+1. After development has been applied, apply nonproduction.
+1. Merge changes to nonproduction. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
    pushing to this branch triggers both _terraform plan_ and _terraform apply_. Review the apply output in your Cloud Build project https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID
 
    ```bash
-   git checkout -b non-production
-   git push origin non-production
+   git checkout -b nonproduction
+   git push origin nonproduction
    ```
 
 1. Before executing the next steps, unset the `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` environment variable.
@@ -315,7 +315,7 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s
    sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars
    ````
 
-We will now deploy each of our environments(development/production/non-production) using this script.
+We will now deploy each of our environments(development/production/nonproduction) using this script.
 When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch in the repository for 3-networks-dual-svpc step
 and only the corresponding environment is applied.
 
@@ -369,23 +369,23 @@ To use the `validate` option of the `tf-wrapper.sh` script, please follow the [i
    ./tf-wrapper.sh apply production
    ```
 
-1. Run `init` and `plan` and review output for environment non-production.
+1. Run `init` and `plan` and review output for environment nonproduction.
 
    ```bash
-   ./tf-wrapper.sh init non-production
-   ./tf-wrapper.sh plan non-production
+   ./tf-wrapper.sh init nonproduction
+   ./tf-wrapper.sh plan nonproduction
    ```
 
 1. Run `validate` and check for violations.
 
    ```bash
-   ./tf-wrapper.sh validate non-production $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
+   ./tf-wrapper.sh validate nonproduction $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
    ```
 
-1. Run `apply` non-production.
+1. Run `apply` nonproduction.
 
    ```bash
-   ./tf-wrapper.sh apply non-production
+   ./tf-wrapper.sh apply nonproduction
    ```
 
 1. Run `init` and `plan` and review output for environment development.

3-networks-dual-svpc/common.auto.example.tfvars

@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

3-networks-dual-svpc/envs/nonproduction/README.md

@@ -1,12 +1,12 @@
-# 3-networks-dual-svpc/non-production
+# 3-networks-dual-svpc/nonproduction
 
-The purpose of this step is to set up base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem Dedicated Interconnect, onprem VPN and baseline firewall rules for environment non-production.
+The purpose of this step is to set up base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem Dedicated Interconnect, onprem VPN and baseline firewall rules for environment nonproduction.
 
 ## Prerequisites
 
 1. 0-bootstrap executed successfully.
 1. 1-org executed successfully.
-1. 2-environments/envs/non-production executed successfully.
+1. 2-environments/envs/nonproduction executed successfully.
 1. 3-networks-dual-svpc/envs/shared executed successfully.
 1. Obtain the value for the access_context_manager_policy_id variable. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`.
 

3-networks-dual-svpc/envs/nonproduction/backend.tf

@@ -17,6 +17,6 @@
 terraform {
   backend "gcs" {
     bucket = "UPDATE_ME"
-    prefix = "terraform/networks/non-production"
+    prefix = "terraform/networks/nonproduction"
   }
 }

3-networks-dual-svpc/envs/nonproduction/backend.tf.cloud.example

@@ -17,7 +17,7 @@
 terraform {
   cloud {
     workspaces {
-      name = "3-non-production"
+      name = "3-nonproduction"
     }
   }
 }

3-networks-dual-svpc/envs/nonproduction/main.tf

@@ -15,7 +15,7 @@
  */
 
 locals {
-  env              = "non-production"
+  env              = "nonproduction"
   environment_code = substr(local.env, 0, 1)
   default_region1  = "us-west1"
   default_region2  = "us-central1"

3-networks-dual-svpc/envs/shared/dns-hub.tf

@@ -23,12 +23,12 @@ module "dns_hub_vpc" {
   version = "~> 9.0"
 
   project_id                             = local.dns_hub_project_id
-  network_name                           = "vpc-c-dns-hub"
+  network_name                           = "vpc-net-dns"
   shared_vpc_host                        = "false"
   delete_default_internet_gateway_routes = "true"
 
   subnets = [{
-    subnet_name                      = "sb-c-dns-hub-${local.default_region1}"
+    subnet_name                      = "sb-net-dns-${local.default_region1}"
     subnet_ip                        = "172.16.0.0/25"
     subnet_region                    = local.default_region1
     subnet_private_access            = "true"
@@ -40,7 +40,7 @@ module "dns_hub_vpc" {
     subnet_flow_logs_filter          = var.vpc_flow_logs.filter_expr
     description                      = "DNS hub subnet for region 1."
     }, {
-    subnet_name                      = "sb-c-dns-hub-${local.default_region2}"
+    subnet_name                      = "sb-net-dns-${local.default_region2}"
     subnet_ip                        = "172.16.0.128/25"
     subnet_region                    = local.default_region2
     subnet_private_access            = "true"
@@ -54,7 +54,7 @@ module "dns_hub_vpc" {
   }]
 
   routes = [{
-    name              = "rt-c-dns-hub-1000-all-default-private-api"
+    name              = "rt-net-dns-1000-all-default-private-api"
     description       = "Route through IGW to allow private google api access."
     destination_range = "199.36.153.8/30"
     next_hop_internet = "true"
@@ -103,7 +103,7 @@ module "dns_hub_region1_router1" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region1}-cr1"
+  name    = "cr-net-dns-${local.default_region1}-cr1"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region1
@@ -117,7 +117,7 @@ module "dns_hub_region1_router2" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region1}-cr2"
+  name    = "cr-net-dns-${local.default_region1}-cr2"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region1
@@ -131,7 +131,7 @@ module "dns_hub_region2_router1" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region2}-cr3"
+  name    = "cr-net-dns-${local.default_region2}-cr3"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region2
@@ -145,7 +145,7 @@ module "dns_hub_region2_router2" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region2}-cr4"
+  name    = "cr-net-dns-${local.default_region2}-cr4"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region2

3-networks-dual-svpc/envs/shared/hierarchical_firewall.tf

@@ -25,7 +25,7 @@ module "hierarchical_firewall_policy" {
     local.bootstrap_folder_name,
     local.development_folder_name,
     local.production_folder_name,
-    local.non_production_folder_name,
+    local.nonproduction_folder_name,
   ]
   rules = {
     delegate-rfc1918-ingress = {

3-networks-dual-svpc/envs/shared/interconnect.tf.example

@@ -17,7 +17,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/dedicated_interconnect"
 
-  vpc_name                = "c-dns-hub"
+  vpc_name                = "net-dns"
   interconnect_project_id = local.dns_hub_project_id
 
   region1                                 = local.default_region1

3-networks-dual-svpc/envs/shared/partner_interconnect.tf.example

@@ -17,7 +17,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/partner_interconnect"
 
-  vpc_name              = "c-dns-hub"
+  vpc_name              = "net-dns"
   attachment_project_id = local.dns_hub_project_id
   preactivate           = var.preactivate_partner_interconnect
 

3-networks-dual-svpc/envs/shared/remote.tf

@@ -28,7 +28,7 @@ locals {
   common_folder_name         = data.terraform_remote_state.org.outputs.common_folder_name
   network_folder_name        = data.terraform_remote_state.org.outputs.network_folder_name
   development_folder_name    = data.terraform_remote_state.env_development.outputs.env_folder
-  non_production_folder_name = data.terraform_remote_state.env_non_production.outputs.env_folder
+  nonproduction_folder_name  = data.terraform_remote_state.env_nonproduction.outputs.env_folder
   production_folder_name     = data.terraform_remote_state.env_production.outputs.env_folder
 }
 
@@ -59,12 +59,12 @@ data "terraform_remote_state" "env_development" {
   }
 }
 
-data "terraform_remote_state" "env_non_production" {
+data "terraform_remote_state" "env_nonproduction" {
   backend = "gcs"
 
   config = {
     bucket = var.remote_state_bucket
-    prefix = "terraform/environments/non-production"
+    prefix = "terraform/environments/nonproduction"
   }
 }
 

3-networks-dual-svpc/envs/shared/remote.tf.cloud.example

@@ -28,7 +28,7 @@ locals {
   common_folder_name         = data.tfe_outputs.org.nonsensitive_values.common_folder_name
   network_folder_name        = data.tfe_outputs.org.nonsensitive_values.network_folder_name
   development_folder_name    = data.tfe_outputs.env_development.nonsensitive_values.env_folder
-  non_production_folder_name = data.tfe_outputs.env_non_production.nonsensitive_values.env_folder
+  nonproduction_folder_name  = data.tfe_outputs.env_nonproduction.nonsensitive_values.env_folder
   production_folder_name     = data.tfe_outputs.env_production.nonsensitive_values.env_folder
 }
 
@@ -47,9 +47,9 @@ data "tfe_outputs" "env_development" {
   workspace    = "2-development"
 }
 
-data "tfe_outputs" "env_non_production" {
+data "tfe_outputs" "env_nonproduction" {
   organization = var.tfc_org_name
-  workspace    = "2-non-production"
+  workspace    = "2-nonproduction"
 }
 
 data "tfe_outputs" "env_production" {

3-networks-dual-svpc/modules/base_env/interconnect.tf.example

@@ -27,7 +27,7 @@ locals {
       region2_interconnect2_candidate_subnets = ["169.254.0.216/29"]
       region2_interconnect2_vlan_tag8021q     = "3908"
     },
-    "non-production" = {
+    "nonproduction" = {
       region1_interconnect1_candidate_subnets = ["169.254.0.128/29"]
       region1_interconnect1_vlan_tag8021q     = "3915"
       region1_interconnect2_candidate_subnets = ["169.254.0.136/29"]
@@ -60,7 +60,7 @@ locals {
       region2_interconnect2_candidate_subnets = ["169.254.0.184/29"]
       region2_interconnect2_vlan_tag8021q     = "3904"
     },
-    "non-production" = {
+    "nonproduction" = {
       region1_interconnect1_candidate_subnets = ["169.254.0.96/29"]
       region1_interconnect1_vlan_tag8021q     = "3911"
       region1_interconnect2_candidate_subnets = ["169.254.0.104/29"]

3-networks-dual-svpc/modules/base_shared_vpc/dns.tf

@@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
  Creates DNS Peering to DNS HUB
 *****************************************/
 data "google_compute_network" "vpc_dns_hub" {
-  name    = "vpc-c-dns-hub"
+  name    = "vpc-net-dns"
   project = var.dns_hub_project_id
 }
 

3-networks-dual-svpc/modules/partner_interconnect/README.md

@@ -4,7 +4,7 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail
 
 ## Prerequisites
 
-1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-c-dns-hub` under the folder `fldr-common`.
+1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-net-dns` under the folder `fldr-common`.
 
 ## Usage
 

3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf

@@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
  Creates DNS Peering to DNS HUB
 *****************************************/
 data "google_compute_network" "vpc_dns_hub" {
-  name    = "vpc-c-dns-hub"
+  name    = "vpc-net-dns"
   project = var.dns_hub_project_id
 }