#387 - 3-nhas finish - tef 20240511

3-networks-hub-and-spoke/README.md

@@ -21,7 +21,7 @@ organizational policy.</td>
 </tr>
 <tr>
 <td><a href="../2-environments"><span style="white-space: nowrap;">2-environments</span></a></td>
-<td>Sets up development, non-production, and production environments within the
+<td>Sets up development, nonproduction, and production environments within the
 Google Cloud organization that you've created.</td>
 </tr>
 <tr>
@@ -202,7 +202,7 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
    git commit -m 'Initialize networks repo'
    ```
 
-1. You must manually plan and apply the `shared` environment (only once) since the `development`, `non-production` and `production` environments depend on it.
+1. You must manually plan and apply the `shared` environment (only once) since the `development`, `nonproduction` and `production` environments depend on it.
 1. To use the `validate` option of the `tf-wrapper.sh` script, please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component.
 1. Use `terraform output` to get the Cloud Build project ID and the networks step Terraform Service Account from 0-bootstrap output. An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set using the Terraform Service Account to enable impersonation.
 
@@ -258,13 +258,13 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
    git push origin development
    ```
 
-1. After development has been applied, apply non-production.
-1. Merge changes to non-production. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
+1. After development has been applied, apply nonproduction.
+1. Merge changes to nonproduction. Because this is a [named environment branch](../docs/FAQ.md#what-is-a-named-branch),
    pushing to this branch triggers both _terraform plan_ and _terraform apply_. Review the apply output in your Cloud Build project https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID
 
    ```bash
-   git checkout -b non-production
-   git push origin non-production
+   git checkout -b nonproduction
+   git push origin nonproduction
    ```
 
 1. Before executing the next steps, unset the `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` environment variable.
@@ -319,7 +319,7 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s
    sed -i'' -e "s/REMOTE_STATE_BUCKET/${backend_bucket}/" ./common.auto.tfvars
    ```
 
-We will now deploy each of our environments(development/production/non-production) using this script.
+We will now deploy each of our environments(development/production/nonproduction) using this script.
 When using Cloud Build or Jenkins as your CI/CD tool each environment corresponds to a branch in the repository for 3-networks-hub-and-spoke step
 and only the corresponding environment is applied.
 
@@ -373,23 +373,23 @@ To use the `validate` option of the `tf-wrapper.sh` script, please follow the [i
    ./tf-wrapper.sh apply production
    ```
 
-1. Run `init` and `plan` and review output for environment non-production.
+1. Run `init` and `plan` and review output for environment nonproduction.
 
    ```bash
-   ./tf-wrapper.sh init non-production
-   ./tf-wrapper.sh plan non-production
+   ./tf-wrapper.sh init nonproduction
+   ./tf-wrapper.sh plan nonproduction
    ```
 
 1. Run `validate` and check for violations.
 
    ```bash
-   ./tf-wrapper.sh validate non-production $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
+   ./tf-wrapper.sh validate nonproduction $(pwd)/../policy-library ${CLOUD_BUILD_PROJECT_ID}
    ```
 
-1. Run `apply` non-production.
+1. Run `apply` nonproduction.
 
    ```bash
-   ./tf-wrapper.sh apply non-production
+   ./tf-wrapper.sh apply nonproduction
    ```
 
 1. Run `init` and `plan` and review output for environment development.

3-networks-hub-and-spoke/envs/nonproduction/README.md

@@ -1,12 +1,12 @@
-# 3-networks-hub-and-spoke/non-production
+# 3-networks-hub-and-spoke/nonproduction
 
-The purpose of this step is to set up base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem Dedicated Interconnect, onprem VPN and baseline firewall rules for environment non-production. This version of the Network step will makes usage of the Hub and Spoke network architecture.
+The purpose of this step is to set up base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem Dedicated Interconnect, onprem VPN and baseline firewall rules for environment nonproduction. This version of the Network step will makes usage of the Hub and Spoke network architecture.
 
 ## Prerequisites
 
 1. 0-bootstrap executed successfully.
 1. 1-org executed successfully.
-1. 2-environments/envs/non-production executed successfully.
+1. 2-environments/envs/nonproduction executed successfully.
 1. 3-networks-hub-and-spoke/envs/shared executed successfully.
 1. Obtain the value for the access_context_manager_policy_id variable. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`.
 

3-networks-hub-and-spoke/envs/nonproduction/backend.tf

@@ -17,6 +17,6 @@
 terraform {
   backend "gcs" {
     bucket = "UPDATE_ME"
-    prefix = "terraform/networks/non-production"
+    prefix = "terraform/networks/nonproduction"
   }
 }

3-networks-hub-and-spoke/envs/nonproduction/backend.tf.cloud.example

@@ -17,7 +17,7 @@
 terraform {
   cloud {
     workspaces {
-      name = "3-non-production"
+      name = "3-nonproduction"
     }
   }
 }

3-networks-hub-and-spoke/envs/nonproduction/main.tf

@@ -15,7 +15,7 @@
  */
 
 locals {
-  env              = "non-production"
+  env              = "nonproduction"
   environment_code = substr(local.env, 0, 1)
   default_region1  = "us-west1"
   default_region2  = "us-central1"

3-networks-hub-and-spoke/envs/production/README.md

@@ -1,6 +1,6 @@
 # 3-networks-hub-and-spoke/production
 
-The purpose of this step is to set up base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem Dedicated Interconnect, onprem VPN and baseline firewall rules for environment non-production. This version of the Network step will makes usage of the Hub and Spoke network architecture.
+The purpose of this step is to set up base and restricted shared VPCs with default DNS, NAT (optional), Private Service networking, VPC service controls, onprem Dedicated Interconnect, onprem VPN and baseline firewall rules for environment nonproduction. This version of the Network step will makes usage of the Hub and Spoke network architecture.
 
 ## Prerequisites
 

3-networks-hub-and-spoke/envs/shared/dns-hub.tf

@@ -23,12 +23,12 @@ module "dns_hub_vpc" {
   version = "~> 9.0"
 
   project_id                             = local.dns_hub_project_id
-  network_name                           = "vpc-c-dns-hub"
+  network_name                           = "vpc-net-dns"
   shared_vpc_host                        = "false"
   delete_default_internet_gateway_routes = "true"
 
   subnets = [{
-    subnet_name                      = "sb-c-dns-hub-${local.default_region1}"
+    subnet_name                      = "sb-net-dns-${local.default_region1}"
     subnet_ip                        = "172.16.0.0/25"
     subnet_region                    = local.default_region1
     subnet_private_access            = "true"
@@ -40,7 +40,7 @@ module "dns_hub_vpc" {
     subnet_flow_logs_filter          = var.dns_vpc_flow_logs.filter_expr
     description                      = "DNS hub subnet for region 1."
     }, {
-    subnet_name                      = "sb-c-dns-hub-${local.default_region2}"
+    subnet_name                      = "sb-net-dns-${local.default_region2}"
     subnet_ip                        = "172.16.0.128/25"
     subnet_region                    = local.default_region2
     subnet_private_access            = "true"
@@ -54,7 +54,7 @@ module "dns_hub_vpc" {
   }]
 
   routes = [{
-    name              = "rt-c-dns-hub-1000-all-default-private-api"
+    name              = "rt-net-dns-1000-all-default-private-api"
     description       = "Route through IGW to allow private google api access."
     destination_range = "199.36.153.8/30"
     next_hop_internet = "true"
@@ -103,7 +103,7 @@ module "dns_hub_region1_router1" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region1}-cr1"
+  name    = "cr-net-dns-${local.default_region1}-cr1"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region1
@@ -117,7 +117,7 @@ module "dns_hub_region1_router2" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region1}-cr2"
+  name    = "cr-net-dns-${local.default_region1}-cr2"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region1
@@ -131,7 +131,7 @@ module "dns_hub_region2_router1" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region2}-cr3"
+  name    = "cr-net-dns-${local.default_region2}-cr3"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region2
@@ -145,7 +145,7 @@ module "dns_hub_region2_router2" {
   source  = "terraform-google-modules/cloud-router/google"
   version = "~> 6.0"
 
-  name    = "cr-c-dns-hub-${local.default_region2}-cr4"
+  name    = "cr-net-dns-${local.default_region2}-cr4"
   project = local.dns_hub_project_id
   network = module.dns_hub_vpc.network_name
   region  = local.default_region2

3-networks-hub-and-spoke/envs/shared/hierarchical_firewall.tf

@@ -25,7 +25,7 @@ module "hierarchical_firewall_policy" {
     local.bootstrap_folder_name,
     local.development_folder_name,
     local.production_folder_name,
-    local.non_production_folder_name,
+    local.nonproduction_folder_name,
   ]
   rules = {
     delegate-rfc1918-ingress = {

3-networks-hub-and-spoke/envs/shared/interconnect.tf.example

@@ -17,7 +17,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/dedicated_interconnect"
 
-  vpc_name                = "c-dns-hub"
+  vpc_name                = "net-dns"
   interconnect_project_id = local.dns_hub_project_id
 
   region1                                 = local.default_region1

3-networks-hub-and-spoke/envs/shared/partner_interconnect.tf.example

@@ -18,7 +18,7 @@
 module "dns_hub_interconnect" {
   source = "../../modules/partner_interconnect"
 
-  vpc_name              = "c-dns-hub"
+  vpc_name              = "net-dns"
   attachment_project_id = local.dns_hub_project_id
   preactivate           = var.preactivate_partner_interconnect
 

3-networks-hub-and-spoke/envs/shared/remote.tf

@@ -29,7 +29,7 @@ locals {
   common_folder_name                = data.terraform_remote_state.org.outputs.common_folder_name
   network_folder_name               = data.terraform_remote_state.org.outputs.network_folder_name
   development_folder_name           = data.terraform_remote_state.env_development.outputs.env_folder
-  non_production_folder_name        = data.terraform_remote_state.env_non_production.outputs.env_folder
+  nonproduction_folder_name         = data.terraform_remote_state.env_nonproduction.outputs.env_folder
   production_folder_name            = data.terraform_remote_state.env_production.outputs.env_folder
   base_net_hub_project_id           = data.terraform_remote_state.org.outputs.base_net_hub_project_id
   restricted_net_hub_project_id     = data.terraform_remote_state.org.outputs.restricted_net_hub_project_id
@@ -66,12 +66,12 @@ data "terraform_remote_state" "env_development" {
   }
 }
 
-data "terraform_remote_state" "env_non_production" {
+data "terraform_remote_state" "env_nonproduction" {
   backend = "gcs"
 
   config = {
     bucket = var.remote_state_bucket
-    prefix = "terraform/environments/non-production"
+    prefix = "terraform/environments/nonproduction"
   }
 }
 

3-networks-hub-and-spoke/envs/shared/remote.tf.cloud.example

@@ -29,7 +29,7 @@ locals {
   common_folder_name                = data.tfe_outputs.org.nonsensitive_values.common_folder_name
   network_folder_name               = data.tfe_outputs.org.nonsensitive_values.network_folder_name
   development_folder_name           = data.tfe_outputs.env_development.nonsensitive_values.env_folder
-  non_production_folder_name        = data.tfe_outputs.env_non_production.nonsensitive_values.env_folder
+  nonproduction_folder_name         = data.tfe_outputs.env_nonproduction.nonsensitive_values.env_folder
   production_folder_name            = data.tfe_outputs.env_production.nonsensitive_values.env_folder
   base_net_hub_project_id           = data.tfe_outputs.org.nonsensitive_values.base_net_hub_project_id
   restricted_net_hub_project_id     = data.tfe_outputs.org.nonsensitive_values.restricted_net_hub_project_id
@@ -54,9 +54,9 @@ data "tfe_outputs" "env_development" {
   workspace    = "2-development"
 }
 
-data "tfe_outputs" "env_non_production" {
+data "tfe_outputs" "env_nonproduction" {
   organization = var.tfc_org_name
-  workspace    = "2-non-production"
+  workspace    = "2-nonproduction"
 }
 
 data "tfe_outputs" "env_production" {

3-networks-hub-and-spoke/modules/base_shared_vpc/dns.tf

@@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
  Creates DNS Peering to DNS HUB
 *****************************************/
 data "google_compute_network" "vpc_dns_hub" {
-  name    = "vpc-c-dns-hub"
+  name    = "vpc-net-dns"
   project = var.dns_hub_project_id
 }
 

3-networks-hub-and-spoke/modules/partner_interconnect/README.md

@@ -4,7 +4,7 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail
 
 ## Prerequisites
 
-1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and  `prj-c-dns-hub` under the folder `fldr-common` in case of Hub and Spoke architecture.
+1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and  `prj-net-dns` under the folder `fldr-common` in case of Hub and Spoke architecture.
 
 ## Usage