refactor: remove base vpc and change in perimeter #5

Open
wants to merge 90 commits into
base: master
79b82e7
first commit
mariammartins Oct 24, 2024
a41d95d
removing base_shared service projects
mariammartins Oct 31, 2024
e8e85eb
fix example storage cmek
mariammartins Nov 5, 2024
6e0efc8
fixes
mariammartins Nov 5, 2024
d2db667
changing network step name and references to 3-networks-svpc
mariammartins Nov 5, 2024
ebee33f
replacing shared resources and references names to svpc
mariammartins Nov 5, 2024
bf909fc
fix lint
mariammartins Nov 5, 2024
491877c
fix 2-environments step
mariammartins Nov 5, 2024
3093e88
fix network steps
mariammartins Nov 5, 2024
e388658
fix network svps step
mariammartins Nov 5, 2024
1cd4a08
fix 4-projects step
mariammartins Nov 5, 2024
d02b55a
remove some base references
mariammartins Nov 7, 2024
a1a0671
delete base shared vpc resources
mariammartins Nov 8, 2024
906092a
rm base shared project in integration tests
mariammartins Nov 8, 2024
9192c5f
rm network hub and spoke base project resources
mariammartins Nov 8, 2024
803ca3e
fix hub and spoke README
mariammartins Nov 8, 2024
cca43b5
fix READMEs
mariammartins Nov 8, 2024
0f3df1e
solve conflicts
mariammartins Nov 11, 2024
efd9fe3
fix README
mariammartins Nov 11, 2024
69a206d
gitignore
mariammartins Nov 11, 2024
66e954f
fix tfvars
mariammartins Nov 11, 2024
8243830
fix conflicts
mariammartins Nov 12, 2024
a285303
fix conflicts
mariammartins Nov 12, 2024
2da2f19
updating 1-org step with service control
mariammartins Nov 18, 2024
726ae2c
fix variables and network modules
mariammartins Nov 18, 2024
ac1f07a
add bootstrap outputs
mariammartins Nov 24, 2024
178bd44
Merge branch 'master' into refactor/remove-base-VPC
mariammartins Nov 24, 2024
f552c92
fix output number
mariammartins Nov 24, 2024
e246487
fix output
mariammartins Nov 24, 2024
81f64dc
add service control modules
mariammartins Nov 24, 2024
16cc49f
fix output
mariammartins Nov 24, 2024
82e0b29
fix 1-org step
mariammartins Nov 25, 2024
bb1f1c1
grant access policy admin env sa
mariammartins Nov 25, 2024
7c842c7
fix 2-envivonrmnet step
mariammartins Nov 25, 2024
89ab184
docker generate docks and test lint
mariammartins Nov 25, 2024
ca3a0bf
step 3-networks-svps refactoring
mariammartins Nov 27, 2024
a7eced0
updt remote file
mariammartins Nov 27, 2024
af46884
refactoring step 4
mariammartins Nov 27, 2024
dc2f0cc
add terraform.example.tfvars
mariammartins Dec 3, 2024
745c6ab
rm tf-wrapper
mariammartins Dec 3, 2024
34edfe2
upd README 1-org
mariammartins Dec 3, 2024
2eff10a
upd terraform.example.tfvars
mariammartins Dec 3, 2024
509a182
fix 3-network-svpc README
mariammartins Dec 3, 2024
7e549ed
upd 4-projects step
mariammartins Dec 3, 2024
a429aa8
rm sample-base peering instance
mariammartins Dec 3, 2024
804d8ec
upd env prj subnets
mariammartins Dec 3, 2024
eb1a7cf
fix lint
mariammartins Dec 3, 2024
8aa2337
fix add bootstrap prjs resource
mariammartins Dec 3, 2024
10f7f5c
fix lint
mariammartins Dec 3, 2024
57bc48e
add depends on
mariammartins Dec 3, 2024
4145dd4
add instructions to include app infra pipeline SA in the perimeter
mariammartins Dec 3, 2024
6596445
rm base prj references
mariammartins Dec 3, 2024
6bc0d16
rm base prj references
mariammartins Dec 3, 2024
a136c5c
fix linta
mariammartins Dec 4, 2024
ec8193e
fix lint
mariammartins Dec 4, 2024
3924636
rm perimeter variable hub and spoke
mariammartins Dec 4, 2024
15cfc30
rm perimeter variable svpc
mariammartins Dec 4, 2024
a2d5ade
review fixes
mariammartins Dec 5, 2024
353affd
uncommenting the header
mariammartins Dec 5, 2024
0de7de0
rm Restricted Outputs comments
mariammartins Dec 5, 2024
2e2012b
add new line in the end of file
mariammartins Dec 5, 2024
5e85832
fix lint
mariammartins Dec 5, 2024
476e411
rm restricted term from host_project
mariammartins Dec 5, 2024
9cb6ce0
rm restricted name hub and spoke resources
mariammartins Dec 5, 2024
abe3ec8
rm restricted name svpc network
mariammartins Dec 5, 2024
c6d4f38
rm restricted name projects resources
mariammartins Dec 5, 2024
55ba378
rm restricted name from subnets_self_links
mariammartins Dec 5, 2024
d20955f
rm restricted name in newtork_hub module
mariammartins Dec 5, 2024
b8709c7
rm restricted name in network module and shared files
mariammartins Dec 5, 2024
4f269bb
rm some restricted references in shared files
mariammartins Dec 5, 2024
50b03f3
rm restricted name in shared vpc host project module
mariammartins Dec 5, 2024
083d2aa
upd application name label
mariammartins Dec 5, 2024
a893962
rm some restricted names in service control and network modules
mariammartins Dec 5, 2024
a600ec2
rm restricted name
mariammartins Dec 5, 2024
8d0381c
rm restricted vpc label and prefix
mariammartins Dec 5, 2024
3bccb7f
rm restricted references
mariammartins Dec 5, 2024
73c0810
fix locals
mariammartins Dec 5, 2024
0b576c5
fix 3-networks-svpc step
mariammartins Dec 5, 2024
3cf7b3f
fix interconnect example
mariammartins Dec 5, 2024
af31b41
rm 3-networks-hub-and-spoke restricted resources
mariammartins Dec 5, 2024
8831dd9
rm restricted references
mariammartins Dec 5, 2024
06b7a71
fix parter interconnect README
mariammartins Dec 5, 2024
195e298
fix README and main
mariammartins Dec 5, 2024
be04cc0
rm restricted reference in resources
mariammartins Dec 5, 2024
1386456
rm restricted references
mariammartins Dec 5, 2024
0a62c24
fix integration tests, shared files and root README
mariammartins Dec 5, 2024
6d48a0d
fixes
mariammartins Dec 5, 2024
958472a
fix shared vpc project name in locals
mariammartins Dec 6, 2024
bf87065
add random version
mariammartins Dec 6, 2024
469a01a
fix integration tests, shared vpc module and bootstrap README
mariammartins Dec 6, 2024
16 changes: 8 additions & 8 deletions 0-bootstrap/README-GitHub.md
Expand Up @@ -215,7 +215,7 @@ export the GitHub fine grained access token as an environment variable:
terraform apply bootstrap.tfplan
```

1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-dual-svpc`, `3-networks-hub-and-spoke`, and `4-projects`.
1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-svpc`, `3-networks-hub-and-spoke`, and `4-projects`.

```bash
export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
Expand Down Expand Up @@ -508,7 +508,7 @@ See any of the envs folder [README.md](../2-environments/envs/production/README.
1. Review merge output in GitHub https://github.com/GITHUB-OWNER/GITHUB-ENVIRONMENTS-REPO/actions under `tf-apply`.

1. You can now move to the instructions in the network stage.
To use the [Dual Shared VPC](https://cloud.google.com/architecture/security-foundations/networking#vpcsharedvpc-id7-1-shared-vpc-) network mode go to [Deploying step 3-networks-dual-svpc](#deploying-step-3-networks-dual-svpc),
To use the [Dual Shared VPC](https://cloud.google.com/architecture/security-foundations/networking#vpcsharedvpc-id7-1-shared-vpc-) network mode go to [Deploying step 3-networks-svpc](#deploying-step-3-networks-svpc),
or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hub-and-spoke) to use the [Hub and Spoke](https://cloud.google.com/architecture/security-foundations/networking#hub-and-spoke) network mode.

1. Before moving to the next step, go back to the parent directory.
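Review bot: The link text on the changed line still reads `[Dual Shared VPC]`, and its URL fragment still targets the dual Shared VPC section, although the step it leads to is now `3-networks-svpc`. If the rename reflects that the base/restricted pair of Shared VPCs is gone, update the label to match, for example `[Shared VPC]`, so the README does not describe an architecture the step no longer deploys.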
Expand All @@ -517,9 +517,9 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
cd ..
```

## Deploying step 3-networks-dual-svpc
## Deploying step 3-networks-svpc

1. Clone the repository you created to host the `3-networks-dual-svpc` terraform configuration at the same level of the `terraform-example-foundation` folder.
1. Clone the repository you created to host the `3-networks-svpc` terraform configuration at the same level of the `terraform-example-foundation` folder.

```bash
git clone [email protected]:<GITHUB-OWNER>/<GITHUB-NETWORKS-REPO>.git gcp-networks
Expand Down Expand Up @@ -557,7 +557,7 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
1. Copy contents of foundation to new repo.

```bash
cp -RT ../terraform-example-foundation/3-networks-dual-svpc/ .
cp -RT ../terraform-example-foundation/3-networks-svpc/ .
cp -RT ../terraform-example-foundation/policy-library/ ./policy-library
mkdir -p .github/workflows
cp ../terraform-example-foundation/build/github-tf-* ./.github/workflows/
Expand Down Expand Up @@ -587,8 +587,8 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
```

1. Update `common.auto.tfvars` file with values from your GCP environment.
See any of the envs folder [README.md](../3-networks-dual-svpc/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the restricted project.
See any of the envs folder [README.md](../3-networks-svpc/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the shared vpc project.
1. Update the `remote_state_bucket` variable with the backend bucket from step Bootstrap in the `common.auto.tfvars` file.

```bash
Expand Down Expand Up @@ -744,7 +744,7 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th

1. Update `common.auto.tfvars` file with values from your GCP environment.
See any of the envs folder [README.md](../3-networks-hub-and-spoke/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the restricted project.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the shared vpc project.
1. Update the `remote_state_bucket` variable with the backend bucket from step Bootstrap in the `common.auto.tfvars` file.

```bash
14 changes: 7 additions & 7 deletions 0-bootstrap/README-GitLab.md
Expand Up @@ -283,7 +283,7 @@ export the GitLab personal or group access token as an environment variable:
terraform apply bootstrap.tfplan
```

1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-dual-svpc`, `3-networks-hub-and-spoke`, and `4-projects`.
1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-svpc`, `3-networks-hub-and-spoke`, and `4-projects`.

```bash
export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
Expand Down Expand Up @@ -539,10 +539,10 @@ See any of the envs folder [README.md](../2-environments/envs/production/README.
```

1. You can now move to the instructions in the network stage.
To use the [Dual Shared VPC](https://cloud.google.com/architecture/security-foundations/networking#vpcsharedvpc-id7-1-shared-vpc-) network mode go to [Deploying step 3-networks-dual-svpc](#deploying-step-3-networks-dual-svpc),
To use the [Dual Shared VPC](https://cloud.google.com/architecture/security-foundations/networking#vpcsharedvpc-id7-1-shared-vpc-) network mode go to [Deploying step 3-networks-svpc](#deploying-step-3-networks-svpc),
or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hub-and-spoke) to use the [Hub and Spoke](https://cloud.google.com/architecture/security-foundations/networking#hub-and-spoke) network mode.

## Deploying step 3-networks-dual-svpc
## Deploying step 3-networks-svpc

1. Navigate into the repo. All subsequent steps assume you are running them from the `gcp-networks` directory.
If you run them from another directory, adjust your copy paths accordingly.
Expand All @@ -560,7 +560,7 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
1. Copy contents of foundation to new repo.

```bash
cp -RT ../terraform-example-foundation/3-networks-dual-svpc/ .
cp -RT ../terraform-example-foundation/3-networks-svpc/ .
cp -RT ../terraform-example-foundation/policy-library/ ./policy-library
cp ../terraform-example-foundation/build/gitlab-ci.yml ./.gitlab-ci.yml
cp ../terraform-example-foundation/build/run_gcp_auth.sh .
Expand Down Expand Up @@ -590,8 +590,8 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
```

1. Update `common.auto.tfvars` file with values from your GCP environment.
See any of the envs folder [README.md](../3-networks-dual-svpc/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the restricted project.
See any of the envs folder [README.md](../3-networks-svpc/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the shared vpc.
1. Update the `remote_state_bucket` variable with the backend bucket from step Bootstrap in the `common.auto.tfvars` file.

```bash
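Review bot: The `perimeter_additional_members` item is worded differently across the READMEs touched in this PR: this file says "resources created in the shared vpc", while README-GitHub.md says "the shared vpc project". Pick one phrasing and capitalize it as "Shared VPC" to match the rest of the document. Since this variable adds a user identity to the perimeter, it is also worth stating which perimeter is meant now that the "restricted project" wording is gone.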
Expand Down Expand Up @@ -725,7 +725,7 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th

1. Update `common.auto.tfvars` file with values from your GCP environment.
See any of the envs folder [README.md](../3-networks-hub-and-spoke/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the restricted project.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the shared vpc.
1. Update the `remote_state_bucket` variable with the backend bucket from step Bootstrap in the `common.auto.tfvars` file.

```bash
8 changes: 4 additions & 4 deletions 0-bootstrap/README-Jenkins.md
Original file line number Diff line number Diff line change
Expand Up @@ -546,9 +546,9 @@ Here you will configure a VPN Network tunnel to enable connectivity between the
```

1. Review the apply output in your Controller's web UI (you might want to use the option to "Scan Multibranch Pipeline Now" in your Jenkins Controller UI).
1. You can now move to the instructions in the next step, go to [Deploying step 3-networks-dual-svpc](#deploying-step-3-networks-dual-svpc) to use the Dual Shared VPC mode, or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hub-and-spoke) to use the Hub and Spoke network mode.
1. You can now move to the instructions in the next step, go to [Deploying step 3-networks-svpc](#deploying-step-3-networks-svpc) to use the Dual Shared VPC mode, or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hub-and-spoke) to use the Hub and Spoke network mode.

## Deploying step 3-networks-dual-svpc
## Deploying step 3-networks-svpc

1. Clone the repo you created manually in 0-bootstrap.

Expand All @@ -568,7 +568,7 @@ Here you will configure a VPN Network tunnel to enable connectivity between the
1. Copy contents of foundation to new repo.

```bash
cp -RT ../terraform-example-foundation/3-networks-dual-svpc/ .
cp -RT ../terraform-example-foundation/3-networks-svpc/ .
cp -RT ../terraform-example-foundation/policy-library/ ./policy-library
cp ../terraform-example-foundation/build/Jenkinsfile .
cp ../terraform-example-foundation/build/tf-wrapper.sh .
Expand Down Expand Up @@ -607,7 +607,7 @@ Here you will configure a VPN Network tunnel to enable connectivity between the
mv access_context.auto.example.tfvars access_context.auto.tfvars
```

1. Update `common.auto.tfvars` file with values from your environment and bootstrap. See any of the envs folder [README.md](../3-networks-dual-svpc/envs/production/README.md) files for additional information on the values in the `common.auto.tfvars` file.
1. Update `common.auto.tfvars` file with values from your environment and bootstrap. See any of the envs folder [README.md](../3-networks-svpc/envs/production/README.md) files for additional information on the values in the `common.auto.tfvars` file.
1. Update `shared.auto.tfvars` file with the `target_name_server_addresses`.
1. Update `access_context.auto.tfvars` file with the `access_context_manager_policy_id`.
1. Use `terraform output` to get the backend bucket and networks step Terraform Service Account values from gcp-bootstrap output.
16 changes: 8 additions & 8 deletions 0-bootstrap/README-Terraform-Cloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -213,7 +213,7 @@ export the OAuth Token ID as an environment variable:
1. Run `terraform plan -input=false -out bootstrap_2.tfplan`
1. Run `terraform apply bootstrap_2.tfplan`

1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-dual-svpc`, `3-networks-hub-and-spoke`, and `4-projects`.
1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-svpc`, `3-networks-hub-and-spoke`, and `4-projects`.

```bash
export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
Expand All @@ -230,7 +230,7 @@ export the OAuth Token ID as an environment variable:
echo "CI/CD Project ID = ${cicd_project_id}"
```

1. Run `terraform output` to get the name of the TFC organization and export it as environment variables. `TF_CLOUD_ORGANIZATION` variable will be used by the `cloud` block in order to move the local Terraform's state to TFC and `TF_VAR_tfc_org_name` will be used to run manual steps for `shared` environments in steps `3-networks-dual-svpc`, `3-networks-hub-and-spoke`, and `4-projects`
1. Run `terraform output` to get the name of the TFC organization and export it as environment variables. `TF_CLOUD_ORGANIZATION` variable will be used by the `cloud` block in order to move the local Terraform's state to TFC and `TF_VAR_tfc_org_name` will be used to run manual steps for `shared` environments in steps `3-networks-svpc`, `3-networks-hub-and-spoke`, and `4-projects`

```bash
export TF_CLOUD_ORGANIZATION=$(terraform output -raw tfc_org_name)
Expand Down Expand Up @@ -441,7 +441,7 @@ See any of the envs folder [README.md](../2-environments/envs/production/README.
1. Review apply output in Terraform Cloud https://app.terraform.io/app/TFC-ORGANIZATION-NAME/workspaces/2-production/runs under `Run List` item.

1. You can now move to the instructions in the network stage.
To use the [Dual Shared VPC](https://cloud.google.com/architecture/security-foundations/networking#vpcsharedvpc-id7-1-shared-vpc-) network mode go to [Deploying step 3-networks-dual-svpc](#deploying-step-3-networks-dual-svpc),
To use the [Dual Shared VPC](https://cloud.google.com/architecture/security-foundations/networking#vpcsharedvpc-id7-1-shared-vpc-) network mode go to [Deploying step 3-networks-svpc](#deploying-step-3-networks-svpc),
or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hub-and-spoke) to use the [Hub and Spoke](https://cloud.google.com/architecture/security-foundations/networking#hub-and-spoke) network mode.

1. Before moving to the next step, go back to the parent directory.
Expand All @@ -450,7 +450,7 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
cd ..
```

## Deploying step 3-networks-dual-svpc
## Deploying step 3-networks-svpc

**Note:** For all purposes we treat `shared` environment as `production` environment due to the possible impacts into `production`. So `3-production` TFC workspace have a [Run Trigger](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers) sourcing `3-shared` TFC workspace, which means that every time you successfully run an apply job in `3-shared` TFC workspace, a `Plan and apply` job will be triggered automatically for `3-production` TFC workspace. (All the applies will continue requiring manual approvals in TFC console).

Expand All @@ -470,7 +470,7 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
1. Copy contents of foundation to new repo.

```bash
cp -RT ../terraform-example-foundation/3-networks-dual-svpc/ .
cp -RT ../terraform-example-foundation/3-networks-svpc/ .
cp -RT ../terraform-example-foundation/policy-library/ ./policy-library
cp ../terraform-example-foundation/build/tf-wrapper.sh .
chmod 755 ./tf-wrapper.sh
Expand Down Expand Up @@ -498,8 +498,8 @@ or go to [Deploying step 3-networks-hub-and-spoke](#deploying-step-3-networks-hu
```

1. Update `common.auto.tfvars` file with values from your GCP environment.
See any of the envs folder [README.md](../3-networks-dual-svpc/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the restricted project.
See any of the envs folder [README.md](../3-networks-svpc/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the shared vpc.

1. You must manually plan and apply the `shared` environment from your (only once) since the `development`, `nonproduction` and `production` environments depend on it.

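Review bot: The unchanged context line after the edited `perimeter_additional_members` item reads "plan and apply the `shared` environment from your (only once)", which is missing a word after "from your"; the hub-and-spoke section of this same file has the sentence without that fragment. Since this list is being edited anyway, fix the sentence here so both sections match.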
Expand Down Expand Up @@ -648,7 +648,7 @@ An environment variable `GOOGLE_IMPERSONATE_SERVICE_ACCOUNT` will be set with th

1. Update `common.auto.tfvars` file with values from your GCP environment.
See any of the envs folder [README.md](../3-networks-hub-and-spoke/envs/production/README.md#inputs) files for additional information on the values in the `common.auto.tfvars` file.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the restricted project.
1. You must add your user email in the variable `perimeter_additional_members` to be able to see the resources created in the shared vpc.

1. You must manually plan and apply the `shared` environment (only once) since the `development`, `nonproduction` and `production` environments depend on it.

12 changes: 7 additions & 5 deletions 0-bootstrap/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,16 +25,16 @@ organizational policy.</td>
Google Cloud organization that you've created.</td>
</tr>
<tr>
<td><a href="../3-networks-dual-svpc">3-networks-dual-svpc</a></td>
<td>Sets up base and restricted shared VPCs with default DNS, NAT (optional),
<td><a href="../3-networks-svpc">3-networks-svpc</a></td>
<td>Sets up shared VPCs with default DNS, NAT (optional),
Private Service networking, VPC service controls, on-premises Dedicated
Interconnect, and baseline firewall rules for each environment. It also sets
up the global DNS hub.</td>
</tr>
<tr>
<td><a href="../3-networks-hub-and-spoke">3-networks-hub-and-spoke</a></td>
<td>Sets up base and restricted shared VPCs with all the default configuration
found on step 3-networks-dual-svpc, but here the architecture will be based on the
<td>Sets up shared VPCs with all the default configuration
found on step 3-networks-svpc, but here the architecture will be based on the
Hub and Spoke network model. It also sets up the global DNS hub.</td>
</tr>
</tr>
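Review bot: The row for `3-networks-hub-and-spoke` is followed by two closing `</tr>` tags in the unchanged context at the end of this hunk, so the HTML table is unbalanced. While this block is being edited, drop the extra `</tr>`.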
Expand Down Expand Up @@ -245,7 +245,7 @@ The following steps introduce the steps to deploy with Cloud Build Alternatively
terraform apply bootstrap.tfplan
```

1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-dual-svpc`, `3-networks-hub-and-spoke`, and `4-projects` and the state bucket that will be used by step 4-projects.
1. Run `terraform output` to get the email address of the terraform service accounts that will be used to run manual steps for `shared` environments in steps `3-networks-svpc`, `3-networks-hub-and-spoke`, and `4-projects` and the state bucket that will be used by step 4-projects.

```bash
export network_step_sa=$(terraform output -raw networks_step_terraform_service_account_email)
Expand Down Expand Up @@ -382,6 +382,7 @@ Each step has instructions for this change.
| cloud\_build\_worker\_range\_id | The Cloud Build private worker IP range ID. |
| cloud\_builder\_artifact\_repo | Artifact Registry (AR) Repository created to store TF Cloud Builder images. |
| cloudbuild\_project\_id | Project where Cloud Build configuration and terraform container image will reside. |
| cloudbuild\_project\_number | The cloudbuild project number. |
| common\_config | Common configuration data to be used in other steps. |
| csr\_repos | List of Cloud Source Repos created by the module, linked to Cloud Build triggers. |
| environment\_step\_terraform\_service\_account\_email | Environment Step Terraform Account |
Expand All @@ -395,5 +396,6 @@ Each step has instructions for this change.
| projects\_step\_terraform\_service\_account\_email | Projects Step Terraform Account |
| required\_groups | List of Google Groups created that are required by the Example Foundation steps. |
| seed\_project\_id | Project where service accounts and core APIs will be enabled. |
| seed\_project\_number | The seed project number. |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
5 changes: 5 additions & 0 deletions 0-bootstrap/cb.tf
Original file line number Diff line number Diff line change
Expand Up @@ -273,3 +273,8 @@ resource "google_sourcerepo_repository_iam_member" "member" {
role = "roles/viewer"
member = "serviceAccount:${google_service_account.terraform-env-sa[each.key].email}"
}

data "google_project" "cloudbuild_project" {
project_id = module.tf_source.cloudbuild_project_id
depends_on = [module.tf_source]
}
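Review bot: `depends_on = [module.tf_source]` in the new `data "google_project" "cloudbuild_project"` block is redundant, because `project_id = module.tf_source.cloudbuild_project_id` already creates the dependency. An explicit `depends_on` on a data source makes Terraform defer the read to apply time whenever the module has pending changes, which leaves the project number "known after apply" and can surface spurious diffs in anything that consumes it. Suggest removing the `depends_on` line unless there is a hidden dependency, in which case add a comment naming it.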