Allow setting GCS location default/override in project factory (#2715)
* allow setting GCS location default/override in project factory * tflint
committed by
GitHub
parent
ef597a30c0
commit
5af0f90929
@@ -340,13 +340,14 @@ The approach is not shown here but reasonably easy to implement. The main projec
|
||||
| name | description | type | required | default | producer |
|
||||
|---|---|:---:|:---:|:---:|:---:|
|
||||
| [billing_account](variables-fast.tf#L17) | Billing account id. If billing account is not part of the same org set `is_org_level` to false. | <code title="object({ id = string is_org_level = optional(bool, true) })">object({…})</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L55) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [prefix](variables-fast.tf#L65) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | <code>string</code> | ✓ | | <code>0-bootstrap</code> |
|
||||
| [factories_config](variables.tf#L17) | Configuration for YAML-based factories. | <code title="object({ folders_data_path = optional(string, "data/hierarchy") projects_data_path = optional(string, "data/projects") budgets = optional(object({ billing_account = string budgets_data_path = optional(string, "data/budgets") notification_channels = optional(map(any), {}) })) context = optional(object({ folder_ids = optional(map(string), {}) iam_principals = optional(map(string), {}) tag_values = optional(map(string), {}) vpc_host_projects = optional(map(string), {}) }), {}) })">object({…})</code> | | <code>{}</code> | |
|
||||
| [folder_ids](variables-fast.tf#L30) | Folders created in the resource management stage. | <code>map(string)</code> | | <code>{}</code> | <code>1-resman</code> |
|
||||
| [groups](variables-fast.tf#L38) | Group names or IAM-format principals to grant organization-level permissions. If just the name is provided, the 'group:' principal and organization domain are interpolated. | <code>map(string)</code> | | <code>{}</code> | <code>0-bootstrap</code> |
|
||||
| [host_project_ids](variables-fast.tf#L47) | Host project for the shared VPC. | <code>map(string)</code> | | <code>{}</code> | <code>2-networking</code> |
|
||||
| [service_accounts](variables-fast.tf#L65) | Automation service accounts in name => email format. | <code>map(string)</code> | | <code>{}</code> | <code>1-resman</code> |
|
||||
| [tag_values](variables-fast.tf#L73) | FAST-managed resource manager tag values. | <code>map(string)</code> | | <code>{}</code> | <code>1-resman</code> |
|
||||
| [locations](variables-fast.tf#L55) | Optional locations for GCS, BigQuery, and logging buckets created here. | <code title="object({ gcs = optional(string) })">object({…})</code> | | <code>{}</code> | <code>0-bootstrap</code> |
|
||||
| [service_accounts](variables-fast.tf#L75) | Automation service accounts in name => email format. | <code>map(string)</code> | | <code>{}</code> | <code>1-resman</code> |
|
||||
| [tag_values](variables-fast.tf#L83) | FAST-managed resource manager tag values. | <code>map(string)</code> | | <code>{}</code> | <code>1-resman</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -20,7 +20,8 @@ module "projects" {
|
||||
source = "../../../modules/project-factory"
|
||||
data_defaults = {
|
||||
# more defaults are available, check the project factory variables
|
||||
billing_account = var.billing_account.id
|
||||
billing_account = var.billing_account.id
|
||||
storage_location = var.locations.gcs
|
||||
}
|
||||
data_merges = {
|
||||
services = [
|
||||
|
||||
@@ -52,6 +52,16 @@ variable "host_project_ids" {
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "locations" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Optional locations for GCS, BigQuery, and logging buckets created here."
|
||||
type = object({
|
||||
gcs = optional(string)
|
||||
})
|
||||
nullable = false
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
# tfdoc:variable:source 0-bootstrap
|
||||
description = "Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants."
|
||||
|
||||
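Review bot: The description on the new `locations` variable promises locations for GCS, BigQuery, and logging buckets, but the object type in this hunk declares only `gcs`, so the text overstates what the stage accepts. Since the variable is sourced from `0-bootstrap`, a reader may assume the other locations are honoured here when nothing in the visible type carries them. I would narrow it to `description = "Optional location for GCS buckets created by the project factory."` and regenerate the README variables table, which repeats the same sentence.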
@@ -213,7 +213,8 @@ module "project-factory" {
|
||||
source = "./fabric/modules/project-factory"
|
||||
# use a default billing account if none is specified via yaml
|
||||
data_defaults = {
|
||||
billing_account = var.billing_account_id
|
||||
billing_account = var.billing_account_id
|
||||
storage_location = "EU"
|
||||
}
|
||||
# make sure the environment label and stackdriver service are always added
|
||||
data_merges = {
|
||||
@@ -439,10 +440,10 @@ update_rules:
|
||||
|
||||
| name | description | type | required | default |
|
||||
|---|---|:---:|:---:|:---:|
|
||||
| [factories_config](variables.tf#L98) | Path to folder with YAML resource description data files. | <code title="object({ folders_data_path = optional(string) projects_data_path = optional(string) budgets = optional(object({ billing_account = string budgets_data_path = string notification_channels = optional(map(any), {}) })) context = optional(object({ folder_ids = optional(map(string), {}) iam_principals = optional(map(string), {}) tag_values = optional(map(string), {}) vpc_host_projects = optional(map(string), {}) }), {}) })">object({…})</code> | ✓ | |
|
||||
| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string)), {}) services = optional(list(string), []) shared_vpc_service_config = optional(object({ host_project = string network_users = optional(list(string), []) service_agent_iam = optional(map(list(string)), {}) service_agent_subnet_iam = optional(map(list(string)), {}) service_iam_grants = optional(list(string), []) network_subnet_users = optional(map(list(string)), {}) }), { host_project = null }) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_self_roles = optional(list(string)) })), {}) vpc_sc = optional(object({ perimeter_name = string perimeter_bridges = optional(list(string), []) is_dry_run = optional(bool, false) })) logging_data_access = optional(map(map(list(string))), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_merges](variables.tf#L53) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | <code title="object({ contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) service_encryption_key_ids = optional(map(list(string)), {}) services = optional(list(string), []) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_self_roles = optional(list(string)) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_overrides](variables.tf#L72) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string))) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string))) tag_bindings = optional(map(string)) services = optional(list(string)) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_self_roles = optional(list(string)) }))) vpc_sc = optional(object({ perimeter_name = string perimeter_bridges = optional(list(string), []) is_dry_run = optional(bool, false) })) logging_data_access = optional(map(map(list(string))), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [factories_config](variables.tf#L100) | Path to folder with YAML resource description data files. | <code title="object({ folders_data_path = optional(string) projects_data_path = optional(string) budgets = optional(object({ billing_account = string budgets_data_path = string notification_channels = optional(map(any), {}) })) context = optional(object({ folder_ids = optional(map(string), {}) iam_principals = optional(map(string), {}) tag_values = optional(map(string), {}) vpc_host_projects = optional(map(string), {}) }), {}) })">object({…})</code> | ✓ | |
|
||||
| [data_defaults](variables.tf#L17) | Optional default values used when corresponding project data from files are missing. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string)), {}) services = optional(list(string), []) shared_vpc_service_config = optional(object({ host_project = string network_users = optional(list(string), []) service_agent_iam = optional(map(list(string)), {}) service_agent_subnet_iam = optional(map(list(string)), {}) service_iam_grants = optional(list(string), []) network_subnet_users = optional(map(list(string)), {}) }), { host_project = null }) storage_location = optional(string) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_self_roles = optional(list(string)) })), {}) vpc_sc = optional(object({ perimeter_name = string perimeter_bridges = optional(list(string), []) is_dry_run = optional(bool, false) })) logging_data_access = optional(map(map(list(string))), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_merges](variables.tf#L54) | Optional values that will be merged with corresponding data from files. Combines with `data_defaults`, file data, and `data_overrides`. | <code title="object({ contacts = optional(map(list(string)), {}) labels = optional(map(string), {}) metric_scopes = optional(list(string), []) service_encryption_key_ids = optional(map(list(string)), {}) services = optional(list(string), []) tag_bindings = optional(map(string), {}) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_self_roles = optional(list(string)) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [data_overrides](variables.tf#L73) | Optional values that override corresponding data from files. Takes precedence over file data and `data_defaults`. | <code title="object({ billing_account = optional(string) contacts = optional(map(list(string))) parent = optional(string) prefix = optional(string) service_encryption_key_ids = optional(map(list(string))) storage_location = optional(string) tag_bindings = optional(map(string)) services = optional(list(string)) service_accounts = optional(map(object({ display_name = optional(string, "Terraform-managed.") iam_self_roles = optional(list(string)) }))) vpc_sc = optional(object({ perimeter_name = string perimeter_bridges = optional(list(string), []) is_dry_run = optional(bool, false) })) logging_data_access = optional(map(map(list(string))), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -77,8 +77,12 @@ module "automation-buckets" {
|
||||
)
|
||||
})
|
||||
}
|
||||
labels = lookup(each.value, "labels", {})
|
||||
location = lookup(each.value, "location", "EU")
|
||||
labels = lookup(each.value, "labels", {})
|
||||
location = coalesce(
|
||||
var.data_overrides.storage_location,
|
||||
lookup(each.value, "location", null),
|
||||
var.data_defaults.storage_location
|
||||
)
|
||||
storage_class = lookup(each.value, "storage_class", "STANDARD")
|
||||
uniform_bucket_level_access = lookup(each.value, "uniform_bucket_level_access", true)
|
||||
versioning = lookup(each.value, "versioning", false)
|
||||
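Review bot: The new `location = coalesce(...)` has no final fallback, so a bucket whose YAML omits `location` resolves to nothing when neither `var.data_overrides.storage_location` nor `var.data_defaults.storage_location` is set; Terraform's `coalesce` raises an error when every argument is null, whereas the replaced line fell back to `"EU"`. Both attributes are added as `optional(string)` with no default in the `data_defaults` and `data_overrides` hunks, and the stage passes `var.locations.gcs`, which is also null unless set, so existing callers can hit this. If removing the implicit region is deliberate (a sensible choice for data-residency control), state in the variable descriptions that a location must be resolvable; otherwise keep the old behaviour by adding `"EU"` as a last argument. A comment above the call such as `# precedence: data_overrides > bucket-level location > data_defaults` would also make clear that the override replaces a location set per bucket. The enclosing `module "automation-buckets"` block starts and ends outside the hunk.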
|
||||
@@ -33,7 +33,8 @@ variable "data_defaults" {
|
||||
service_iam_grants = optional(list(string), [])
|
||||
network_subnet_users = optional(map(list(string)), {})
|
||||
}), { host_project = null })
|
||||
tag_bindings = optional(map(string), {})
|
||||
storage_location = optional(string)
|
||||
tag_bindings = optional(map(string), {})
|
||||
# non-project resources
|
||||
service_accounts = optional(map(object({
|
||||
display_name = optional(string, "Terraform-managed.")
|
||||
@@ -77,6 +78,7 @@ variable "data_overrides" {
|
||||
parent = optional(string)
|
||||
prefix = optional(string)
|
||||
service_encryption_key_ids = optional(map(list(string)))
|
||||
storage_location = optional(string)
|
||||
tag_bindings = optional(map(string))
|
||||
services = optional(list(string))
|
||||
# non-project resources
|
||||
|
||||