kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add yq snippets for imports

Browse Source
This commit is contained in:
Wiktor Niesiobędzki
2025-12-09 15:57:14 +00:00
parent 4a30b2103e
commit 0652ce84a0
1 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
fast/stages/README.md
View File

@@ -25,7 +25,7 @@ To destroy a previous FAST deployment follow the instructions detailed in [clean
- [Organization Setup](./0-org-setup/README.md)
This stage combines the legacy bootstrap and resource management stages described below, allowing easy configuration of all related resources via factories. Its flexibility supports any type of organizational design, while still supporting traditional FAST stages like VPC Service Controls, security, networking, and any stage 3.
## VPC Service Controls (1)
- [VPC Service Controls](./1-vpcsc/README.md)
@@ -33,13 +33,13 @@ To destroy a previous FAST deployment follow the instructions detailed in [clean
## Shared resources (2)
- [Security](2-security/README.md)
- [Security](2-security/README.md)
Manages centralized security configurations in a separate stage, and is typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's meant to be easily extended to include other security-related resources which are required, like Secret Manager.\
Exports: KMS key ids, CA ids
- Networking ([Networking factory](2-networking/README.md))
Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage provides several different design as YaML datasets, including hub-and-spoke with VPC Peerings, VPNs, NVAs and NCC.
Exports: host project ids and numbers, vpc self links
- [Project Factory](./2-project-factory/)
- [Project Factory](./2-project-factory/)
YAML-based factory to create and configure application or team-level projects. Configuration includes VPC-level settings for Shared VPC, service-level configuration for CMEK encryption via centralized keys, and service account creation for workloads and applications. This stage can be cloned if an org-wide or dedicated per-environment factories are needed.
## Environment-level resources (3)
@@ -47,3 +47,28 @@ To destroy a previous FAST deployment follow the instructions detailed in [clean
- [Data Platform](./3-data-platform-dev/)
- [GKE Multitenant](./3-gke-dev/)
- [Google Cloud VMware Engine](./3-gcve-dev/)
## Importing existing setup into FAST
For brownfield implementations you may need to import existing setting in the organization, folders, etc. These snippets can help you add existing settings into the YAML file
Scripts below require [yq](https://github.com/mikefarah/yq/) in at least version 4.
### IAM bindings
To create `iam:` part of the factory YAML file, you can use following snippet:
```shell
gcloud <resource> get-iam-policy <resource name> | yq '.bindings | map({"key": .role, "value": .members}) | from_entries'
```
For example use following code, to get IAM bindings on organization level to be used in `0-org-setup/dataset/.../organization/.config.yaml`
```shell
gcloud organizations get-iam-policy 12345 | yq '.bindings | map({"key": .role, "value": .members}) | from_entries'
```
To create `iam_by_principals:` part of the factory YAML file, you can use following snippet:
```shell
gcloud <resource> get-iam-policy <resource name> | yq '
[.bindings | .[] | .members[] as $member | { "member": $member, "role": .role}] |
group_by(.member) | sort_by(.[0].member) | .[] | { .[0].member: map(.role)}
'
```