merge main

.github/workflows/lint.yaml

@@ -48,10 +48,10 @@ jobs:
         env:
           DISABLE_TFLINT: 1
           ENABLE_PARALLEL: 0
-          EXCLUDE_LINT_DIRS: \./examples/machine-learning-pipeline|\./docs/assets/terraform|\./5-app-infra/projects/service-catalog/business_unit_3/shared|\./5-app-infra/projects/artifact-publish/business_unit_3/shared
+          EXCLUDE_LINT_DIRS: \./examples/machine-learning-pipeline|\./docs/assets/terraform|\./5-app-infra/projects/service-catalog/ml_business_unit/shared|\./5-app-infra/projects/artifact-publish/ml_business_unit/shared
 
       - run: docker run --rm -e DISABLE_TFLINT -e ENABLE_PARALLEL -e EXCLUDE_LINT_DIRS -v ${{ github.workspace }}:/workspace ${{ steps.variables.outputs.dev-tools }} /usr/local/bin/test_lint.sh
         env:
           DISABLE_TFLINT: 1
           ENABLE_PARALLEL: 0
-          EXCLUDE_LINT_DIRS: \./examples/machine-learning-pipeline|\./docs/assets/terraform|\./5-app-infra/projects/service-catalog/business_unit_3/shared|\./5-app-infra/projects/artifact-publish/business_unit_3/shared
+          EXCLUDE_LINT_DIRS: \./examples/machine-learning-pipeline|\./docs/assets/terraform|\./5-app-infra/projects/service-catalog/ml_business_unit/shared|\./5-app-infra/projects/artifact-publish/ml_business_unit/shared

0-bootstrap/README-GitHub.md

@@ -843,8 +843,8 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th
    mv production.auto.example.tfvars production.auto.tfvars
    ```
 
-1. See any of the envs folder [README.md](../4-projects/business_unit_1/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
-1. See any of the shared folder [README.md](../4-projects/business_unit_1/shared/README.md#inputs) files for additional information on the values in the `shared.auto.tfvars` file.
+1. See any of the envs folder [README.md](../4-projects/ml_business_unit/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
+1. See any of the shared folder [README.md](../4-projects/ml_business_unit/shared/README.md#inputs) files for additional information on the values in the `shared.auto.tfvars` file.
 
 1. Use `terraform output` to get the backend bucket value from bootstrap output.
 
@@ -862,7 +862,7 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th
    git commit -m 'Initialize projects repo'
    ```
 
-1. You need to manually plan and apply only once the `business_unit_1/shared` and `business_unit_2/shared` environments since `development`, `non-production`, and `production` depend on them.
+1. You need to manually plan and apply only once the `ml_business_unit/shared` environments since `development`, `non-production`, and `production` depend on them.
 
 1. Use `terraform output` to get the CI/CD project ID and the projects step Terraform Service Account from gcp-bootstrap output.
 1. The CI/CD project ID will be used in the [validation](https://cloud.google.com/docs/terraform/policy-validation/quickstart) of the Terraform configuration

0-bootstrap/README-Jenkins.md

@@ -872,8 +872,8 @@ Here you will configure a VPN Network tunnel to enable connectivity between the
    mv production.auto.example.tfvars production.auto.tfvars
    ```
 
-1. See any of the envs folder [README.md](../4-projects/business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
-1. See any of the shared folder [README.md](../4-projects/business_unit_1/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
+1. See any of the envs folder [README.md](../4-projects/ml_business_unit/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
+1. See any of the shared folder [README.md](../4-projects/ml_business_unit/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
 1. Use `terraform output` to get the backend bucket value from 0-bootstrap output.
 
    ```bash

0-bootstrap/README-Terraform-Cloud.md

@@ -771,16 +771,15 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th
    mv production.auto.example.tfvars production.auto.tfvars
    ```
 
-1. See any of the envs folder [README.md](../4-projects/business_unit_1/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
-1. See any of the shared folder [README.md](../4-projects/business_unit_1/shared/README.md#inputs) files for additional information on the values in the `shared.auto.tfvars` file.
+1. See any of the envs folder [README.md](../4-projects/ml_business_unit/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
+1. See any of the shared folder [README.md](../4-projects/ml_business_unit/shared/README.md#inputs) files for additional information on the values in the `shared.auto.tfvars` file.
 
-1. You need to manually plan and apply only once the `business_unit_1/shared` and `business_unit_2/shared` environments since `development`, `non-production`, and `production` depend on them.
+1. You need to manually plan and apply only once the `ml_business_unit/shared` environments since `development`, `non-production`, and `production` depend on them.
 
 1. In order to manually run the apply for shared workspace from your local we need to temporary unset the TFC backend by renaming `envs/shared/backend.tf` to `envs/shared/backend.tf.temporary_disabled`.
 
    ```bash
-   mv business_unit_1/shared/backend.tf business_unit_1/shared/backend.tf.temporary_disabled
-   mv business_unit_2/shared/backend.tf business_unit_2/shared/backend.tf.temporary_disabled
+   mv ml_business_unit/shared/backend.tf ml_business_unit/shared/backend.tf.temporary_disabled
    ```
 
 1. Use `terraform output` to get the CI/CD project ID and the projects step Terraform Service Account from gcp-bootstrap output.
@@ -831,10 +830,8 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th
 1. In order to set the TFC backend for shared workspace we now can rename `envs/shared/backend.tf.temporary_disabled` to `envs/shared/backend.tf` and run `terraform init`. When you're prompted, agree to copy Terraform state to Terraform Cloud.
 
    ```bash
-   mv business_unit_1/shared/backend.tf.temporary_disabled business_unit_1/shared/backend.tf
-   mv business_unit_2/shared/backend.tf.temporary_disabled business_unit_2/shared/backend.tf
-   terraform -chdir="business_unit_1/shared/" init
-   terraform -chdir="business_unit_2/shared/" init
+   mv ml_business_unit/shared/backend.tf.temporary_disabled ml_business_unit/shared/backend.tf
+   terraform -chdir="ml_business_unit/shared/" init
    ```
 
 1. Commit changes

0-bootstrap/terraform_cloud.tf.example

@@ -63,14 +63,10 @@ locals {
       "3-shared"         = { vcs_branch = "production", directory = "/envs/shared" },
     },
     "proj" = {
-      "4-bu1-production"     = { vcs_branch = "production", directory = "/business_unit_1/production" },
-      "4-bu1-non-production" = { vcs_branch = "non-production", directory = "/business_unit_1/non-production" },
-      "4-bu1-development"    = { vcs_branch = "development", directory = "/business_unit_1/development" },
-      "4-bu1-shared"         = { vcs_branch = "production", directory = "/business_unit_1/shared" },
-      "4-bu2-production"     = { vcs_branch = "production", directory = "/business_unit_2/production" },
-      "4-bu2-non-production" = { vcs_branch = "non-production", directory = "/business_unit_2/non-production" },
-      "4-bu2-development"    = { vcs_branch = "development", directory = "/business_unit_2/development" },
-      "4-bu2-shared"         = { vcs_branch = "production", directory = "/business_unit_2/shared" },
+      "4-ml-production"     = { vcs_branch = "production", directory = "/ml_business_unit/production" },
+      "4-ml-non-production" = { vcs_branch = "non-production", directory = "/ml_business_unit/non-production" },
+      "4-ml-development"    = { vcs_branch = "development", directory = "/ml_business_unit/development" },
+      "4-ml-shared"         = { vcs_branch = "production", directory = "/ml_business_unit/shared" },
 
     },
   }
@@ -218,14 +214,9 @@ resource "tfe_run_trigger" "networks_shared_production" {
   sourceable_id = tfe_workspace.main["3-shared"].id
 }
 
-resource "tfe_run_trigger" "projects_bu1_shared_production" {
-  workspace_id  = tfe_workspace.main["4-bu1-production"].id
-  sourceable_id = tfe_workspace.main["4-bu1-shared"].id
-}
-
-resource "tfe_run_trigger" "projects_bu2_shared_production" {
-  workspace_id  = tfe_workspace.main["4-bu2-production"].id
-  sourceable_id = tfe_workspace.main["4-bu2-shared"].id
+resource "tfe_run_trigger" "projects_ml_shared_production" {
+  workspace_id  = tfe_workspace.main["4-ml-production"].id
+  sourceable_id = tfe_workspace.main["4-ml-shared"].id
 }
 
 module "tfc_cicd" {

4-projects/README.md

@@ -57,7 +57,7 @@ For an overview of the architecture and the parts, see the
 
 The purpose of this step is to set up the folder structure, projects, and infrastructure pipelines for applications that are connected as service projects to the shared VPC created in the previous stage.
 
-For each business unit, a shared `infra-pipeline` project is created along with Cloud Build triggers, CSRs for application infrastructure code and Google Cloud Storage buckets for state storage.
+For machine learning business unit, a shared `infra-pipeline` project is created along with Cloud Build triggers, CSRs for application infrastructure code and Google Cloud Storage buckets for state storage.
 
 This step follows the same [conventions](https://github.com/GoogleCloudPlatform/terraform-google-enterprise-genai#branching-strategy) as the Foundation pipeline deployed in [0-bootstrap](https://github.com/GoogleCloudPlatform/terraform-google-enterprise-genai/blob/master/0-bootstrap/README.md).
 A custom [workspace](https://github.com/terraform-google-modules/terraform-google-bootstrap/blob/master/modules/tf_cloudbuild_workspace/README.md) (`bu1-example-app`) is created by this pipeline and necessary roles are granted to the Terraform Service Account of this workspace by enabling variable `sa_roles` as shown in this [example](https://github.com/GoogleCloudPlatform/terraform-google-enterprise-genai/blob/master/4-projects/modules/base_env/example_base_shared_vpc_project.tf).
@@ -122,8 +122,9 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
    mv production.auto.example.tfvars production.auto.tfvars
    ```
 
-1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
-1. See any of the shared folder [README.md](./business_unit_1/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
+1. See any of the envs folder [README.md](./ml_business_unit/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
+
+1. See any of the shared folder [README.md](./ml_business_unit/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
 
 1. Use `terraform output` to get the backend bucket value from 0-bootstrap output.
 
@@ -141,8 +142,10 @@ Run `terraform output cloudbuild_project_id` in the `0-bootstrap` folder to get
    git commit -m 'Initialize projects repo'
    ```
 
-1. You need to manually plan and apply only once the `business_unit_1/shared` and `business_unit_2/shared` environments since `development`, `non-production`, and `production` depend on them.
+1. You need to manually plan and apply only once the `ml_business_unit/shared` environments since `development`, `non-production`, and `production` depend on them.
+
 1. To use the `validate` option of the `tf-wrapper.sh` script, please follow the [instructions](https://cloud.google.com/docs/terraform/policy-validation/validate-policies#install) to install the terraform-tools component.
+
 1. Use `terraform output` to get the Cloud Build project ID and the projects step Terraform Service Account from 0-bootstrap output. An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set using the Terraform Service Account to enable impersonation.
 
    ```bash
@@ -253,8 +256,8 @@ See `0-bootstrap` [README-GitHub.md](../0-bootstrap/README-GitHub.md#deploying-s
    mv production.auto.example.tfvars production.auto.tfvars
    ```
 
-1. See any of the envs folder [README.md](./business_unit_1/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
-   See any of the shared folder [README.md](./business_unit_1/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
+1. See any of the envs folder [README.md](./ml_business_unit/production/README.md) files for additional information on the values in the `common.auto.tfvars`, `development.auto.tfvars`, `non-production.auto.tfvars`, and `production.auto.tfvars` files.
+   See any of the shared folder [README.md](./ml_business_unit/shared/README.md) files for additional information on the values in the `shared.auto.tfvars` file.
    Use `terraform output` to get the remote state bucket (the backend bucket used by previous steps) value from `0-bootstrap` output.
 
    ```bash

4-projects/business_unit_3/production/backend.tf → 4-projects/ml_business_unit/development/backend.tf

@@ -17,6 +17,6 @@
 terraform {
   backend "gcs" {
     bucket = "UPDATE_PROJECTS_BACKEND"
-    prefix = "terraform/projects/business_unit_3/production"
+    prefix = "terraform/projects/ml_business_unit/development"
   }
 }

4-projects/business_unit_3/production/backend.tf.cloud.example → 4-projects/ml_business_unit/development/backend.tf.cloud.example

@@ -17,7 +17,7 @@
 terraform {
   cloud {
     workspaces {
-      name = "4-bu3-production"
+      name = "4-ml-development"
     }
   }
 }

4-projects/business_unit_3/non-production/locals.tf → 4-projects/ml_business_unit/development/locals.tf

@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 locals {
-  repo_name     = "bu3-composer"
-  business_code = "bu3"
-  business_unit = "business_unit_3"
+  repo_name     = "ml-composer"
+  business_code = "ml"
+  business_unit = "ml_business_unit"
 }

4-projects/business_unit_3/non-production/backend.tf → 4-projects/ml_business_unit/non-production/backend.tf

@@ -17,6 +17,6 @@
 terraform {
   backend "gcs" {
     bucket = "UPDATE_PROJECTS_BACKEND"
-    prefix = "terraform/projects/business_unit_3/non-production"
+    prefix = "terraform/projects/ml_business_unit/non-production"
   }
 }

4-projects/business_unit_3/non-production/backend.tf.cloud.example → 4-projects/ml_business_unit/non-production/backend.tf.cloud.example

@@ -17,7 +17,7 @@
 terraform {
   cloud {
     workspaces {
-      name = "4-bu3-non-production"
+      name = "4-ml-non-production"
     }
   }
 }

4-projects/business_unit_3/production/locals.tf → 4-projects/ml_business_unit/non-production/locals.tf

@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 locals {
-  repo_name     = "bu3-composer"
-  business_code = "bu3"
-  business_unit = "business_unit_3"
+  repo_name     = "ml-composer"
+  business_code = "ml"
+  business_unit = "ml_business_unit"
 }

4-projects/business_unit_3/development/backend.tf → 4-projects/ml_business_unit/production/backend.tf

@@ -17,6 +17,6 @@
 terraform {
   backend "gcs" {
     bucket = "UPDATE_PROJECTS_BACKEND"
-    prefix = "terraform/projects/business_unit_3/development"
+    prefix = "terraform/projects/ml_business_unit/production"
   }
 }

4-projects/business_unit_3/development/backend.tf.cloud.example → 4-projects/ml_business_unit/production/backend.tf.cloud.example

@@ -17,7 +17,7 @@
 terraform {
   cloud {
     workspaces {
-      name = "4-bu3-development"
+      name = "4-ml-production"
     }
   }
 }

4-projects/business_unit_3/development/locals.tf → 4-projects/ml_business_unit/production/locals.tf

@@ -13,7 +13,7 @@
 # limitations under the License.
 #
 locals {
-  repo_name     = "bu3-composer"
-  business_code = "bu3"
-  business_unit = "business_unit_3"
+  repo_name     = "ml-composer"
+  business_code = "ml"
+  business_unit = "ml_business_unit"
 }

4-projects/business_unit_3/shared/backend.tf → 4-projects/ml_business_unit/shared/backend.tf

@@ -17,6 +17,6 @@
 terraform {
   backend "gcs" {
     bucket = "UPDATE_PROJECTS_BACKEND"
-    prefix = "terraform/projects/business_unit_3/shared"
+    prefix = "terraform/projects/ml_business_unit/shared"
   }
 }

4-projects/business_unit_3/shared/backend.tf.cloud.example → 4-projects/ml_business_unit/shared/backend.tf.cloud.example

@@ -17,7 +17,7 @@
 terraform {
   cloud {
     workspaces {
-      name = "4-bu2-shared"
+      name = "4-ml-shared"
     }
   }
 }

4-projects/business_unit_3/shared/example_infra_pipeline.tf → 4-projects/ml_business_unit/shared/example_infra_pipeline.tf

@@ -16,9 +16,9 @@
 
 locals {
   repo_names = [
-    "bu3-artifact-publish",
-    "bu3-service-catalog",
-    "bu3-machine-learning",
+    "ml-artifact-publish",
+    "ml-service-catalog",
+    "ml-machine-learning",
   ]
 }
 
@@ -50,7 +50,7 @@ module "app_infra_cloudbuild_project" {
   billing_code      = "1234"
   primary_contact   = "[email protected]"
   secondary_contact = "[email protected]"
-  business_code     = "bu3"
+  business_code     = "ml"
 }
 
 module "infra_pipelines" {

4-projects/business_unit_3/shared/ml_infra_projects.tf → 4-projects/ml_business_unit/shared/ml_infra_projects.tf

@@ -22,15 +22,15 @@ module "ml_infra_projects" {
   billing_account                        = local.billing_account
   environment                            = "common"
   key_rings                              = local.shared_kms_key_ring
-  business_code                          = "bu3"
+  business_code                          = "ml"
   billing_code                           = "1234"
   primary_contact                        = "[email protected]"
   secondary_contact                      = "[email protected]"
   cloud_source_artifacts_repo_name       = var.cloud_source_artifacts_repo_name
   cloud_source_service_catalog_repo_name = var.cloud_source_service_catalog_repo_name
   remote_state_bucket                    = var.remote_state_bucket
-  artifacts_infra_pipeline_sa            = module.infra_pipelines[0].terraform_service_accounts["bu3-artifact-publish"]
-  service_catalog_infra_pipeline_sa      = module.infra_pipelines[0].terraform_service_accounts["bu3-service-catalog"]
+  artifacts_infra_pipeline_sa            = module.infra_pipelines[0].terraform_service_accounts["ml-artifact-publish"]
+  service_catalog_infra_pipeline_sa      = module.infra_pipelines[0].terraform_service_accounts["ml-service-catalog"]
   environment_kms_project_id             = ""
   prevent_destroy                        = var.prevent_destroy
 }

4-projects/modules/composer_env/variables.tf

@@ -105,6 +105,6 @@ variable "shared_kms_key_ring" {
 }
 
 variable "business_unit" {
-  description = "The business (ex. business_unit_1)."
+  description = "The business (ex. ml_business_unit)."
   type        = string
 }

4-projects/modules/env_folders/variables.tf

@@ -15,7 +15,7 @@
  */
 
 variable "business_code" {
-  description = "The business code (ex. bu1)."
+  description = "The business code (ex. ml)."
   type        = string
 }
 

4-projects/modules/ml_env/example_vertex.tf

@@ -59,7 +59,7 @@ module "machine_learning_project" {
   // Map for the roles where the key is the repository name ("${var.business_code}-example-app")
   // and the value is the list of roles that this SA need to deploy step 5-app-infra
   sa_roles = {
-    "bu3-machine-learning" = [
+    "ml-machine-learning" = [
       "roles/aiplatform.admin",
       "roles/artifactregistry.admin",
       "roles/bigquery.admin",
@@ -162,7 +162,7 @@ resource "google_kms_crypto_key_iam_member" "kms_admin" {
   for_each      = module.machine_learning_project.kms_keys
   crypto_key_id = each.value.id
   role          = "roles/cloudkms.admin"
-  member        = "serviceAccount:${local.app_infra_pipeline_service_accounts["bu3-machine-learning"]}"
+  member        = "serviceAccount:${local.app_infra_pipeline_service_accounts["ml-machine-learning"]}"
 }
 
 // Add crypto key viewer role to kms environment project
@@ -212,7 +212,7 @@ resource "google_sourcerepo_repository_iam_member" "read" {
   project    = local.service_catalog_project_id
   repository = local.service_catalog_repo_name
   role       = "roles/viewer"
-  member     = "serviceAccount:${local.app_infra_pipeline_service_accounts["bu3-machine-learning"]}"
+  member     = "serviceAccount:${local.app_infra_pipeline_service_accounts["ml-machine-learning"]}"
 }
 
 // Add Browser Role to CloudBuild at Env Folder

4-projects/modules/ml_env/variables.tf

@@ -15,12 +15,12 @@
  */
 
 variable "business_code" {
-  description = "The business code (ex. bu1)."
+  description = "The business code (ex. ml)."
   type        = string
 }
 
 variable "business_unit" {
-  description = "The business (ex. business_unit_1)."
+  description = "The business (ex. ml_business_unit)."
   type        = string
 }