Merge branch 'master' into chore/fix-symbolic-link-non-production
mariammartins authored May 13, 2024
2 parents b6ca7ff + ea49814 commit 0952ed5
Showing 34 changed files with 235 additions and 151 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/go-lint.yaml
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: lint
name: go-lint
on:
pull_request:
branches:
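Review bot: renaming the workflow from `lint` to `go-lint` at the top of this hunk changes the name under which the check reports to GitHub, so any branch protection rule that lists `lint` as a required status check will keep waiting for a check that no longer exists; update the required-check list in the same change.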
Expand All @@ -29,20 +29,20 @@ concurrency:

jobs:
golangci:
name: lint
name: golangci-lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
folder: [helpers/foundation-deployer]
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: ${{ matrix.folder }}/go.mod
cache-dependency-path: ${{ matrix.folder }}/go.sum
- name: golangci-lint
uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # v5.1.0
with:
version: latest
working-directory: ${{ matrix.folder }}
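Review bot: the job `name` change from `lint` to `golangci-lint` has the same required-status-check consequence as the workflow rename, so branch protection needs the new job name too. On the action bumps, pinning to full commit SHAs with a version comment is the right pattern; before merging, confirm each SHA resolves to the tag named in its comment (`actions/checkout` v4.1.5, `actions/setup-go` v5.0.1, `golangci/golangci-lint-action` v5.1.0), since the trailing comment is informational only and a mistyped SHA would silently pin a different revision.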
51 changes: 51 additions & 0 deletions .github/workflows/go-test.yaml
@@ -0,0 +1,51 @@
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: go-test

on:
pull_request:
branches:
- 'master'
paths:
- 'helpers/foundation-deployer/**'
- '.github/workflows/go-test.yaml'

permissions:
contents: read

concurrency:
group: '${{github.workflow}}-${{ github.head_ref || github.ref }}'
cancel-in-progress: true

jobs:
go-test:
name: go-test
runs-on: 'ubuntu-latest'
strategy:
fail-fast: false
matrix:
folder: [helpers/foundation-deployer]
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: ${{ matrix.folder }}/go.mod
cache-dependency-path: ${{ matrix.folder }}/go.sum
- run: |-
git config --global user.name 'Cloud Foundation Bot'
git config --global user.email 'cloud-foundation-bot@google.com'
go test ./... -v
shell: bash
working-directory: ${{ matrix.folder }}
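Review bot: the two `git config --global` lines that precede `go test ./... -v` carry no comment explaining why the test run needs a git identity; add one (for example, that the deployer tests create commits in a temporary repository) so a later cleanup does not drop them as leftovers. Two smaller points: `go test ./... -v` could add `-race` to catch data races in the deployer, and the `permissions: contents: read` block is correctly minimal for a `pull_request`-triggered workflow that only builds and tests.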
14 changes: 14 additions & 0 deletions 0-bootstrap/README.md
Expand Up @@ -83,6 +83,20 @@ Set the variables in **terraform.tfvars** (`groups` block) to use the specific g
- The `roles/resourcemanager.projectCreator` role on the Google Cloud organization.
- The `roles/billing.admin` role on the billing account.
- The `roles/resourcemanager.folderCreator` role.
- The `roles/securitycenter.admin` role.

```bash
# example:
gcloud organizations add-iam-policy-binding ${ORG_ID} --member=user:$SUPER_ADMIN_EMAIL --role=roles/securitycenter.admin --quiet > /dev/null 1>&1
```
1. Enable the following additional services on your current bootstrap project:
```bash
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable cloudbilling.googleapis.com
gcloud services enable iam.googleapis.com
gcloud services enable cloudkms.googleapis.com
gcloud services enable servicenetworking.googleapis.com
```

### Optional - Automatic creation of Google Cloud Identity groups

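Review bot: the redirection in the `gcloud organizations add-iam-policy-binding` example, `> /dev/null 1>&1`, is almost certainly meant to be `> /dev/null 2>&1`; `1>&1` is a no-op, so stdout is discarded while stderr is still printed. More importantly, this grants `roles/securitycenter.admin` at organization level with `--quiet` and output suppressed, so a failed binding goes unnoticed; suggest dropping the redirection (or at least `--quiet`) so the resulting policy is shown. Also add a blank line before the `1. Enable the following additional services` item and its code fence so the list renders as intended after the bullet list above it.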
13 changes: 6 additions & 7 deletions 1-org/envs/shared/projects.tf
Expand Up @@ -168,7 +168,7 @@ module "interconnect" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-interconnect"
name = "${local.project_prefix}-net-interconnect"
org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
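Review bot: changing `name` for `module "interconnect"` (and the other hub project modules further down this file) changes the project ID as well, since `random_project_id = true` derives the ID from `name` plus a random suffix; on an existing deployment Terraform would therefore plan to create a new project and destroy the old one rather than rename in place. The commit message does not say whether this is intended only for fresh deployments; either state that, or add a migration note, because a replaced network hub project takes its VPCs, Cloud Routers and interconnect attachments with it.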
Expand Down Expand Up @@ -234,7 +234,7 @@ module "dns_hub" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-dns-hub"
name = "${local.project_prefix}-net-dns"
org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
Expand Down Expand Up @@ -276,7 +276,7 @@ module "base_network_hub" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-base-net-hub"
name = "${local.project_prefix}-net-hub-base"
org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
Expand All @@ -292,8 +292,7 @@ module "base_network_hub" {

labels = {
environment = "network"
environment = "production"
application_name = "org-base-net-hub"
application_name = "org-net-hub-base"
billing_code = "1234"
primary_contact = "example1"
secondary_contact = "example2"
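Review bot: in the `labels` block of `module "base_network_hub"` the `environment` label changes from `"network"` to `"production"`, while the `restricted_network_hub` labels later in this file keep `environment = "network"`. If the difference is deliberate it needs a comment; otherwise the two hub projects should carry the same environment label so that label-based billing reports and organization policies treat them alike.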
Expand Down Expand Up @@ -327,7 +326,7 @@ module "restricted_network_hub" {
random_project_id = true
random_project_id_length = 4
default_service_account = "deprivilege"
name = "${local.project_prefix}-c-restricted-net-hub"
name = "${local.project_prefix}-net-hub-restricted"
org_id = local.org_id
billing_account = local.billing_account
folder_id = google_folder.network.id
Expand All @@ -343,7 +342,7 @@ module "restricted_network_hub" {

labels = {
environment = "network"
application_name = "org-restricted-net-hub"
application_name = "org-net-hub-restricted"
billing_code = "1234"
primary_contact = "example1"
secondary_contact = "example2"
4 changes: 0 additions & 4 deletions 1-org/envs/shared/terraform.example.tfvars
Expand Up @@ -19,10 +19,6 @@ domains_to_allow = ["example.com"]

essential_contacts_domains_to_allow = ["@example.com"]

billing_data_users = "gcp-billing-data-users@example.com"

audit_data_users = "gcp-security-admins@example.com"

scc_notification_name = "scc-notify"

remote_state_bucket = "REMOTE_STATE_BUCKET"
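Review bot: dropping `billing_data_users` and `audit_data_users` from `terraform.example.tfvars` is only safe if the corresponding variables were removed from `variables.tf` or given defaults in the same commit; that file is not in this view, so please confirm, and check that the 1-org README no longer lists them as required inputs.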
2 changes: 1 addition & 1 deletion 2-environments/envs/nonproduction/terraform.tfvars
16 changes: 8 additions & 8 deletions 3-networks-dual-svpc/envs/shared/dns-hub.tf
Expand Up @@ -23,12 +23,12 @@ module "dns_hub_vpc" {
version = "~> 9.0"

project_id = local.dns_hub_project_id
network_name = "vpc-c-dns-hub"
network_name = "vpc-net-dns"
shared_vpc_host = "false"
delete_default_internet_gateway_routes = "true"

subnets = [{
subnet_name = "sb-c-dns-hub-${local.default_region1}"
subnet_name = "sb-net-dns-${local.default_region1}"
subnet_ip = "172.16.0.0/25"
subnet_region = local.default_region1
subnet_private_access = "true"
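Review bot: renaming `network_name` from `vpc-c-dns-hub` to `vpc-net-dns` (and the subnet names below it) forces replacement of the hub VPC and its subnets on an existing deployment, and the DNS peering from every shared VPC depends on that network existing under the new name. The commit should say whether this is greenfield-only or include an ordering note, since the `3-networks` modules look the hub network up by this exact literal.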
Expand All @@ -40,7 +40,7 @@ module "dns_hub_vpc" {
subnet_flow_logs_filter = var.vpc_flow_logs.filter_expr
description = "DNS hub subnet for region 1."
}, {
subnet_name = "sb-c-dns-hub-${local.default_region2}"
subnet_name = "sb-net-dns-${local.default_region2}"
subnet_ip = "172.16.0.128/25"
subnet_region = local.default_region2
subnet_private_access = "true"
Expand All @@ -54,7 +54,7 @@ module "dns_hub_vpc" {
}]

routes = [{
name = "rt-c-dns-hub-1000-all-default-private-api"
name = "rt-net-dns-1000-all-default-private-api"
description = "Route through IGW to allow private google api access."
destination_range = "199.36.153.8/30"
next_hop_internet = "true"
Expand Down Expand Up @@ -103,7 +103,7 @@ module "dns_hub_region1_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr1"
name = "cr-net-dns-${local.default_region1}-cr1"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -117,7 +117,7 @@ module "dns_hub_region1_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr2"
name = "cr-net-dns-${local.default_region1}-cr2"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -131,7 +131,7 @@ module "dns_hub_region2_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr3"
name = "cr-net-dns-${local.default_region2}-cr3"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
Expand All @@ -145,7 +145,7 @@ module "dns_hub_region2_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr4"
name = "cr-net-dns-${local.default_region2}-cr4"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
2 changes: 1 addition & 1 deletion 3-networks-dual-svpc/envs/shared/interconnect.tf.example
Expand Up @@ -17,7 +17,7 @@
module "dns_hub_interconnect" {
source = "../../modules/dedicated_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
interconnect_project_id = local.dns_hub_project_id

region1 = local.default_region1
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
module "dns_hub_interconnect" {
source = "../../modules/partner_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
attachment_project_id = local.dns_hub_project_id
preactivate = var.preactivate_partner_interconnect

2 changes: 1 addition & 1 deletion 3-networks-dual-svpc/modules/base_shared_vpc/dns.tf
Expand Up @@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
Creates DNS Peering to DNS HUB
*****************************************/
data "google_compute_network" "vpc_dns_hub" {
name = "vpc-c-dns-hub"
name = "vpc-net-dns"
project = var.dns_hub_project_id
}

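Review bot: the `data "google_compute_network" "vpc_dns_hub"` lookup hard-codes the hub network name `vpc-net-dns`, and the same literal is repeated in the restricted module and in both hub-and-spoke modules touched by this commit; passing the name in as a module variable (or reading it from the shared network stage's remote state) would make the coupling explicit and keep a partial rename from silently breaking DNS peering to the hub.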
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail

## Prerequisites

1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-c-dns-hub` under the folder `fldr-common`.
1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-{p|n|d}-shared-{base|restricted}` under corresponding environment's folder and `prj-net-dns` under the folder `fldr-common`.

## Usage

2 changes: 1 addition & 1 deletion 3-networks-dual-svpc/modules/restricted_shared_vpc/dns.tf
Expand Up @@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
Creates DNS Peering to DNS HUB
*****************************************/
data "google_compute_network" "vpc_dns_hub" {
name = "vpc-c-dns-hub"
name = "vpc-net-dns"
project = var.dns_hub_project_id
}

16 changes: 8 additions & 8 deletions 3-networks-hub-and-spoke/envs/shared/dns-hub.tf
Expand Up @@ -23,12 +23,12 @@ module "dns_hub_vpc" {
version = "~> 9.0"

project_id = local.dns_hub_project_id
network_name = "vpc-c-dns-hub"
network_name = "vpc-net-dns"
shared_vpc_host = "false"
delete_default_internet_gateway_routes = "true"

subnets = [{
subnet_name = "sb-c-dns-hub-${local.default_region1}"
subnet_name = "sb-net-dns-${local.default_region1}"
subnet_ip = "172.16.0.0/25"
subnet_region = local.default_region1
subnet_private_access = "true"
Expand All @@ -40,7 +40,7 @@ module "dns_hub_vpc" {
subnet_flow_logs_filter = var.dns_vpc_flow_logs.filter_expr
description = "DNS hub subnet for region 1."
}, {
subnet_name = "sb-c-dns-hub-${local.default_region2}"
subnet_name = "sb-net-dns-${local.default_region2}"
subnet_ip = "172.16.0.128/25"
subnet_region = local.default_region2
subnet_private_access = "true"
Expand All @@ -54,7 +54,7 @@ module "dns_hub_vpc" {
}]

routes = [{
name = "rt-c-dns-hub-1000-all-default-private-api"
name = "rt-net-dns-1000-all-default-private-api"
description = "Route through IGW to allow private google api access."
destination_range = "199.36.153.8/30"
next_hop_internet = "true"
Expand Down Expand Up @@ -103,7 +103,7 @@ module "dns_hub_region1_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr1"
name = "cr-net-dns-${local.default_region1}-cr1"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -117,7 +117,7 @@ module "dns_hub_region1_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region1}-cr2"
name = "cr-net-dns-${local.default_region1}-cr2"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region1
Expand All @@ -131,7 +131,7 @@ module "dns_hub_region2_router1" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr3"
name = "cr-net-dns-${local.default_region2}-cr3"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
Expand All @@ -145,7 +145,7 @@ module "dns_hub_region2_router2" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 6.0"

name = "cr-c-dns-hub-${local.default_region2}-cr4"
name = "cr-net-dns-${local.default_region2}-cr4"
project = local.dns_hub_project_id
network = module.dns_hub_vpc.network_name
region = local.default_region2
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
module "dns_hub_interconnect" {
source = "../../modules/dedicated_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
interconnect_project_id = local.dns_hub_project_id

region1 = local.default_region1
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
module "dns_hub_interconnect" {
source = "../../modules/partner_interconnect"

vpc_name = "c-dns-hub"
vpc_name = "net-dns"
attachment_project_id = local.dns_hub_project_id
preactivate = var.preactivate_partner_interconnect

2 changes: 1 addition & 1 deletion 3-networks-hub-and-spoke/modules/base_shared_vpc/dns.tf
Expand Up @@ -32,7 +32,7 @@ resource "google_dns_policy" "default_policy" {
Creates DNS Peering to DNS HUB
*****************************************/
data "google_compute_network" "vpc_dns_hub" {
name = "vpc-c-dns-hub"
name = "vpc-net-dns"
project = var.dns_hub_project_id
}

Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ This module implements the recommendation proposed in [Establishing 99.99% Avail

## Prerequisites

1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and `prj-c-dns-hub` under the folder `fldr-common` in case of Hub and Spoke architecture.
1. Provisioning of four [VLAN attachments](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/partner-overview) in the Hub project in the specified environment. That would be the `prj-c-{base|restricted}-net-hub` and `prj-net-dns` under the folder `fldr-common` in case of Hub and Spoke architecture.

## Usage

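Review bot: this README line updates `prj-c-dns-hub` to `prj-net-dns` but still names the hub projects `prj-c-{base|restricted}-net-hub`, whereas `1-org/envs/shared/projects.tf` in this same commit renames them to `${local.project_prefix}-net-hub-base` and `${local.project_prefix}-net-hub-restricted`; change the pattern to `prj-net-hub-{base|restricted}` so the prerequisite points at the projects that will actually exist.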