chore(CI): remove business_unit_2 to reduce CI scope #1241

Merged
merged 6 commits into from
May 17, 2024
Changes from 4 commits
10 changes: 5 additions & 5 deletions .github/workflows/go-lint.yaml
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: lint
name: go-lint
on:
pull_request:
branches:
Expand All @@ -29,20 +29,20 @@ concurrency:

jobs:
golangci:
name: lint
name: golangci-lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
folder: [helpers/foundation-deployer]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: ${{ matrix.folder }}/go.mod
cache-dependency-path: ${{ matrix.folder }}/go.sum
- name: golangci-lint
uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: latest
working-directory: ${{ matrix.folder }}
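Review bot: `version: latest` in the `golangci-lint` step leaves the linter binary floating even though every action in this job is pinned to a commit SHA, and this hunk also moves the action from v4.0.0 to v6.0.1. Pin an explicit golangci-lint release in `version:` so a new upstream linter release cannot start failing or changing PR checks without a change in this repository. Separately, the job `name` changes from `lint` to `golangci-lint`; if a required status check is configured against the old name, it needs updating before merge.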
51 changes: 51 additions & 0 deletions .github/workflows/go-test.yaml
@@ -0,0 +1,51 @@
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: go-test

on:
pull_request:
branches:
- 'master'
paths:
- 'helpers/foundation-deployer/**'
- '.github/workflows/go-test.yaml'

permissions:
contents: read

concurrency:
group: '${{github.workflow}}-${{ github.head_ref || github.ref }}'
cancel-in-progress: true

jobs:
go-test:
name: go-test
runs-on: 'ubuntu-latest'
strategy:
fail-fast: false
matrix:
folder: [helpers/foundation-deployer]
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: ${{ matrix.folder }}/go.mod
cache-dependency-path: ${{ matrix.folder }}/go.sum
- run: |-
git config --global user.name 'Cloud Foundation Bot'
git config --global user.email '[email protected]'
go test ./... -v
shell: bash
working-directory: ${{ matrix.folder }}
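Review bot: The `actions/checkout` step has no `with:` block, so the job token stays in the checkout's git configuration while `go test ./... -v` runs code from the pull request. `permissions: contents: read` already limits that token, but the tests only need the working tree, so add `persist-credentials: false` to the checkout step. A one-line comment on why the tests need the `git config --global user.name` and `user.email` identity would also help the next reader.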
14 changes: 14 additions & 0 deletions 0-bootstrap/README.md
Expand Up @@ -83,6 +83,20 @@ Set the variables in **terraform.tfvars** (`groups` block) to use the specific g
- The `roles/resourcemanager.projectCreator` role on the Google Cloud organization.
- The `roles/billing.admin` role on the billing account.
- The `roles/resourcemanager.folderCreator` role.
- The `roles/securitycenter.admin` role.

```bash
# example:
gcloud organizations add-iam-policy-binding ${ORG_ID} --member=user:$SUPER_ADMIN_EMAIL --role=roles/securitycenter.admin --quiet > /dev/null 1>&1
```
1. Enable the following additional services on your current bootstrap project:
```bash
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable cloudbilling.googleapis.com
gcloud services enable iam.googleapis.com
gcloud services enable cloudkms.googleapis.com
gcloud services enable servicenetworking.googleapis.com
```

### Optional - Automatic creation of Google Cloud Identity groups
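Review bot: In the example command, `> /dev/null 1>&1` redirects stdout onto itself, so stderr is still printed; the intent looks like `2>&1`. For a step that grants `roles/securitycenter.admin` on the organization it would be better to drop the redirect entirely, so a failed binding is visible to the person following the README. The fenced blocks around the new `1.` item are also not indented under the list, and `${ORG_ID}` and `$SUPER_ADMIN_EMAIL` are not defined anywhere in the visible lines.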

13 changes: 6 additions & 7 deletions 1-org/envs/shared/projects.tf
Expand Up @@ -168,7 +168,7 @@ module "interconnect" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-interconnect"
name = "${local.project_prefix}-net-interconnect"
Contributor

I understand a large portion of these label changes are already in main - I noticed them when I was doing an upstream sync last Sunday
specific example
net-interconnect for 171
https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/1-org/envs/shared/projects.tf#L171

also minor and not really functionality affecting but there is a pending PR on 2 changes that look to have been missed in the last PR on this yaml
https://github.com/terraform-google-modules/terraform-example-foundation/pull/1232/files
for #1231

Contributor

I think we are good - I was using a 3hr old diff view - 1-org is out of the patch now
/lgtm

org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
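Review bot: With `random_project_id = true` and no explicit project ID in the visible arguments, the project ID is built from `name`, so changing `-c-interconnect` to `-net-interconnect` is not a cosmetic rename for anyone who has already applied 1-org: Terraform will plan to replace the project. The same applies to the `dns_hub`, `base_network_hub` and `restricted_network_hub` renames below. Please call this out as a breaking change and give an upgrade path, for example a variable that lets existing deployments keep the old name.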
Expand Down Expand Up @@ -234,7 +234,7 @@ module "dns_hub" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-dns-hub"
name = "${local.project_prefix}-net-dns"
org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
Expand Down Expand Up @@ -276,7 +276,7 @@ module "base_network_hub" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-base-net-hub"
name = "${local.project_prefix}-net-hub-base"
org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
Expand All @@ -292,8 +292,7 @@ module "base_network_hub" {

labels = {
environment = "network"
environment = "production"
application_name = "org-base-net-hub"
application_name = "org-net-hub-base"
billing_code = "1234"
primary_contact = "example1"
secondary_contact = "example2"
Expand Down Expand Up @@ -327,7 +326,7 @@ module "restricted_network_hub" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-restricted-net-hub"
name = "${local.project_prefix}-net-hub-restricted"
org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
Expand All @@ -343,7 +342,7 @@ module "restricted_network_hub" {

labels = {
environment = "network"
application_name = "org-restricted-net-hub"
application_name = "org-net-hub-restricted"
billing_code = "1234"
primary_contact = "example1"
secondary_contact = "example2"
4 changes: 0 additions & 4 deletions 1-org/envs/shared/terraform.example.tfvars
Expand Up @@ -19,10 +19,6 @@ domains_to_allow = ["example.com"]

essential_contacts_domains_to_allow = ["@example.com"]

billing_data_users = "[email protected]"

audit_data_users = "[email protected]"

scc_notification_name = "scc-notify"

remote_state_bucket = "REMOTE_STATE_BUCKET"
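Review bot: Removing `billing_data_users` and `audit_data_users` from the example only works if the matching variable declarations and their uses in 1-org are removed too, and those are not part of this hunk. If the variables still exist without defaults, a user copying this example will be prompted for them at plan time. Please confirm the declarations are gone, and say in the description how access for the groups these two values named is now assigned.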
2 changes: 1 addition & 1 deletion 2-environments/envs/nonproduction/terraform.tfvars
16 changes: 8 additions & 8 deletions 3-networks-dual-svpc/envs/shared/dns-hub.tf
Expand Up @@ -23,12 +23,12 @@ module "dns_hub_vpc" {
version = "~> 9.0"

project_id = local.dns_hub_project_id
network_name = "vpc-c-dns-hub"
network_name = "vpc-net-dns"
shared_vpc_host = "false"
delete_default_internet_gateway_routes = "true"

subnets = [{
subnet_name = "sb-c-dns-hub-${local.default_region1}"
subnet_name = "sb-net-dns-${local.default_region1}"
subnet_ip = "172.16.0.0/25"
subnet_region = local.default_region1
subnet_private_access = "true"
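Review bot: `network_name` and `subnet_name` are identity fields, so changing `vpc-c-dns-hub` to `vpc-net-dns` and `sb-c-dns-hub-...` to `sb-net-dns-...` makes Terraform destroy and recreate the DNS hub VPC and its subnets in existing deployments, along with the route and routers renamed further down this file. That can interrupt DNS resolution through the hub while the replacement runs. Either keep the old names as defaults behind a variable or document the replacement and its ordering in the upgrade notes.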
Expand All @@ -40,7 +40,7 @@ module "dns_hub_vpc" {
subnet_flow_logs_filter = var.vpc_flow_logs.filter_expr
description = "DNS hub subnet for region 1."
}, {
subnet_name = "sb-c-dns-hub-${local.default_region2}"
subnet_name = "sb-net-dns-${local.default_region2}"
subnet_ip = "172.16.0.128/25"
subnet_region = local.default_region2
subnet_private_access = "true"
Expand All @@ -54,7 +54,7 @@ module "dns_hub_vpc" {
}]

routes = [{
name = "rt-c-dns-hub-1000-all-default-private-api"
name = "rt-net-dns-1000-all-default-private-api"
description = "Route through IGW to allow private google api access."
destination_range = "199.36.153.8/30"
next_hop_internet = "true"
Expand Down Expand Up @@ -103,7 +103,7 @@ module "dns_hub_region1_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr1"
name = "cr-net-dns-${local.default_region1}-cr1"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -117,7 +117,7 @@ module "dns_hub_region1_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr2"
name = "cr-net-dns-${local.default_region1}-cr2"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -131,7 +131,7 @@ module "dns_hub_region2_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr3"
name = "cr-net-dns-${local.default_region2}-cr3"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
Expand All @@ -145,7 +145,7 @@ module "dns_hub_region2_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr4"
name = "cr-net-dns-${local.default_region2}-cr4"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
2 changes: 1 addition & 1 deletion 3-networks-dual-svpc/envs/shared/interconnect.tf.example
Expand Up @@ -17,7 +17,7 @@
module "dns_hub_interconnect" {
source = "../../modules/dedicated_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
interconnect_project_id = local.dns_hub_project_id

region1 = local.default_region1
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
module "dns_hub_interconnect" {
source = "../../modules/partner_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
attachment_project_id = local.dns_hub_project_id
preactivate = var.preactivate_partner_interconnect

2 changes: 1 addition & 1 deletion 3-networks-dual-svpc/modules/base_shared_vpc/dns.tf
Expand Up @@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
Creates DNS Peering to DNS HUB
*****************************************/
data "google_compute_network" "vpc_dns_hub" {
name = "vpc-c-dns-hub"
name = "vpc-net-dns"
project = var.dns_hub_project_id
}
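Review bot: `name = "vpc-net-dns"` is a second hard-coded copy of the network name that `envs/shared/dns-hub.tf` sets in `network_name`, and the same literal is repeated in `restricted_shared_vpc/dns.tf`. This rename had to touch each copy by hand, and a missed one only fails at plan time when the data source lookup finds no network. Pass the name in as a variable next to `var.dns_hub_project_id`, or read it from the shared environment's outputs, so there is one source of truth.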

Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail

## Prerequisites

1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-c-dns-hub` under the folder `fldr-common`.
1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-net-dns` under the folder `fldr-common`.

## Usage

2 changes: 1 addition & 1 deletion 3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf
Expand Up @@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
Creates DNS Peering to DNS HUB
*****************************************/
data "google_compute_network" "vpc_dns_hub" {
name = "vpc-c-dns-hub"
name = "vpc-net-dns"
project = var.dns_hub_project_id
}

16 changes: 8 additions & 8 deletions 3-networks-hub-and-spoke/envs/shared/dns-hub.tf
Expand Up @@ -23,12 +23,12 @@ module "dns_hub_vpc" {
version = "~> 9.0"

project_id = local.dns_hub_project_id
network_name = "vpc-c-dns-hub"
network_name = "vpc-net-dns"
shared_vpc_host = "false"
delete_default_internet_gateway_routes = "true"

subnets = [{
subnet_name = "sb-c-dns-hub-${local.default_region1}"
subnet_name = "sb-net-dns-${local.default_region1}"
subnet_ip = "172.16.0.0/25"
subnet_region = local.default_region1
subnet_private_access = "true"
Expand All @@ -40,7 +40,7 @@ module "dns_hub_vpc" {
subnet_flow_logs_filter = var.dns_vpc_flow_logs.filter_expr
description = "DNS hub subnet for region 1."
}, {
subnet_name = "sb-c-dns-hub-${local.default_region2}"
subnet_name = "sb-net-dns-${local.default_region2}"
subnet_ip = "172.16.0.128/25"
subnet_region = local.default_region2
subnet_private_access = "true"
Expand All @@ -54,7 +54,7 @@ module "dns_hub_vpc" {
}]

routes = [{
name = "rt-c-dns-hub-1000-all-default-private-api"
name = "rt-net-dns-1000-all-default-private-api"
description = "Route through IGW to allow private google api access."
destination_range = "199.36.153.8/30"
next_hop_internet = "true"
Expand Down Expand Up @@ -103,7 +103,7 @@ module "dns_hub_region1_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr1"
name = "cr-net-dns-${local.default_region1}-cr1"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -117,7 +117,7 @@ module "dns_hub_region1_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr2"
name = "cr-net-dns-${local.default_region1}-cr2"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -131,7 +131,7 @@ module "dns_hub_region2_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr3"
name = "cr-net-dns-${local.default_region2}-cr3"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
Expand All @@ -145,7 +145,7 @@ module "dns_hub_region2_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr4"
name = "cr-net-dns-${local.default_region2}-cr4"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
module "dns_hub_interconnect" {
source = "../../modules/dedicated_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
interconnect_project_id = local.dns_hub_project_id

region1 = local.default_region1
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
module "dns_hub_interconnect" {
source = "../../modules/partner_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
attachment_project_id = local.dns_hub_project_id
preactivate = var.preactivate_partner_interconnect

2 changes: 1 addition & 1 deletion 3-networks-hub-and-spoke/modules/base_shared_vpc/dns.tf
Expand Up @@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
Creates DNS Peering to DNS HUB
*****************************************/
data "google_compute_network" "vpc_dns_hub" {
name = "vpc-c-dns-hub"
name = "vpc-net-dns"
project = var.dns_hub_project_id
}

Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail

## Prerequisites

1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and `prj-c-dns-hub` under the folder `fldr-common` in case of Hub and Spoke architecture.
1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and `prj-net-dns` under the folder `fldr-common` in case of Hub and Spoke architecture.

## Usage
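Review bot: The updated sentence still names the hub projects `prj-c-{base|restricted}-net-hub`, while `1-org/envs/shared/projects.tf` in this same change renames them to `...-net-hub-base` and `...-net-hub-restricted`; only the DNS project was updated to `prj-net-dns`. Please bring the hub project names in line with the new scheme so the prerequisite points at projects that exist.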
