diff --git a/fast/README.md b/fast/README.md
index 2881bb19f..36df16719 100644
--- a/fast/README.md
+++ b/fast/README.md
@@ -20,7 +20,7 @@ From the perspective of FAST's overall design, stages also work as contracts or
-Please refer to the [stages](./stages/) section for further details on each stage. For details on tenant-level stages which introduce a deeper level of autonomy via nested FAST setups rooted in a top-level folder, refer to the [multitenant](#multitenant-organizations) section below.
+Please refer to the [stages](./stages/) section for further details on each stage.
### Security-first design
@@ -36,7 +36,7 @@ FAST uses YAML-based factories to deploy subnets and firewall rules and, as its
### CI/CD
-One of our objectives with FAST is to provide a lightweight reference design for the IaC repositories, and a built-in implementation for running our code in automated pipelines. Our CI/CD approach leverages [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation), and provides sample workflow configurations for several major providers. Refer to the [CI/CD section in the bootstrap stage](./stages/0-bootstrap/README.md#cicd-configuration) for more details. We also provide separate [optional small stages](./extras/) to help you configure your CI/CD provider.
+One of our objectives with FAST is to provide a lightweight reference design for the IaC repositories, and a built-in implementation for running our code in automated pipelines. Our CI/CD approach leverages [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation), and provides sample workflow configurations for several major providers. Refer to the [CI/CD section in the organization setup stage](./stages/0-org-setup/README.md#cicd-configuration) for more details. We also provide separate [optional small stages](./extras/) to help you configure your CI/CD provider.
diff --git a/fast/addons/2-networking-ngfw/.fast-stage.env b/fast/addons/2-networking-ngfw/.fast-stage.env
index ae26e9fcb..df0ad0839 100644
--- a/fast/addons/2-networking-ngfw/.fast-stage.env
+++ b/fast/addons/2-networking-ngfw/.fast-stage.env
@@ -1,5 +1,5 @@
FAST_STAGE_DESCRIPTION="NGFW Enterprise networking add-on"
FAST_STAGE_LEVEL=2
FAST_STAGE_NAME=networking-ngfw
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman 2-networking"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman 2-networking"
FAST_STAGE_OPTIONAL="2-security"
\ No newline at end of file
diff --git a/fast/addons/2-networking-ngfw/README.md b/fast/addons/2-networking-ngfw/README.md
index b8589eadb..77bd11d7d 100644
--- a/fast/addons/2-networking-ngfw/README.md
+++ b/fast/addons/2-networking-ngfw/README.md
@@ -50,7 +50,7 @@ fast_addon = {
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following example uses local files but GCS behaves identically.
@@ -63,7 +63,7 @@ ln -s ~/fast-config/providers/2-networking-ngfw-providers.tf ./
# input files from other stages
ln -s ~/fast-config/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/tfvars/1-resman.auto.tfvars.json ./
ln -s ~/fast-config/tfvars/2-networking.auto.tfvars.json ./
@@ -83,12 +83,12 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-org-setup.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The first two sets are defined in the `variables-fast.tf` file, the latter set in the `variables.tf` file. The full list of variables can be found in the [Variables](#variables) table at the bottom of this document.
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../../stages/0-org-setup/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
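Review bot: the link label in the changed `outputs_location` paragraph still reads "bootstrap stage documentation" although its target now points to `../../stages/0-org-setup/README.md`. Rename the label to match the stage, for example "organization setup stage documentation" as used in the top-level README change, so readers are not sent looking for a stage that no longer exists. The unchanged bullet above also has "can to be set", which should read "can be set".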
diff --git a/fast/addons/2-networking-swp/README.md b/fast/addons/2-networking-swp/README.md
index 4b12543a5..355f7d279 100644
--- a/fast/addons/2-networking-swp/README.md
+++ b/fast/addons/2-networking-swp/README.md
@@ -50,7 +50,7 @@ fast_addon = {
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following example uses local files but GCS behaves identically.
@@ -63,7 +63,7 @@ ln -s ~/fast-config/providers/2-networking-swp-providers.tf ./
# input files from other stages
ln -s ~/fast-config/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/tfvars/1-resman.auto.tfvars.json ./
ln -s ~/fast-config/tfvars/2-networking.auto.tfvars.json ./
@@ -83,12 +83,12 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-org-setup.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The first two sets are defined in the `variables-fast.tf` file, the latter set in the `variables.tf` file. The full list of variables can be found in the [Variables](#variables) table at the bottom of this document.
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../../stages/0-org-setup/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
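Review bot: same stale label as in the 2-networking-ngfw README: the changed line links to `../../stages/0-org-setup/README.md#output-files-and-cross-stage-variables` but still calls it the "bootstrap stage documentation". Update the link text together with the target.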
diff --git a/fast/addons/2-networking-test/README.md b/fast/addons/2-networking-test/README.md
index ce4bfd0ce..6217b07ae 100644
--- a/fast/addons/2-networking-test/README.md
+++ b/fast/addons/2-networking-test/README.md
@@ -36,7 +36,7 @@ fast_addon = {
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../../stages/0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following example uses local files but GCS behaves identically.
@@ -64,7 +64,7 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-org-setup.auto.tfvars.json`, `1-resman.auto.tfvars.json` and `2-networking.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The first two sets are defined in the `variables-fast.tf` file, the latter set in the `variables.tf` file. The full list of variables can be found in the [Variables](#variables) table at the bottom of this document.
diff --git a/fast/extras/0-cicd-github/README.md b/fast/extras/0-cicd-github/README.md
index 0f0bbf191..3627a1b7d 100644
--- a/fast/extras/0-cicd-github/README.md
+++ b/fast/extras/0-cicd-github/README.md
@@ -94,7 +94,7 @@ repositories = {
issues = true
}
}
- populate_from = "../../stages/0-bootstrap"
+ populate_from = "../../stages/0-org-setup"
}
fast_01_resman = {
create_options = {
@@ -127,7 +127,7 @@ repositories = {
issues = true
}
}
- populate_from = "../../stages/0-bootstrap"
+ populate_from = "../../stages/0-org-setup"
populate_samples = true
}
fast_01_resman = {
diff --git a/fast/extras/0-cicd-gitlab/README.md b/fast/extras/0-cicd-gitlab/README.md
index 295467802..df3466537 100644
--- a/fast/extras/0-cicd-gitlab/README.md
+++ b/fast/extras/0-cicd-gitlab/README.md
@@ -28,8 +28,8 @@ Gitlab hostname and SSH port on the `gitlab_config` section.
### Gitlab Config
The `gitlab_config` variable defines where projects will be hosted.
-GitLab can either be the SaaS offering (with the default hostname `gitlab.com`)
-or a self-hosted instance with a custom FQDN. If hostname is set to gitlab.com, you must
+GitLab can either be the SaaS offering (with the default hostname `gitlab.com`)
+or a self-hosted instance with a custom FQDN. If hostname is set to gitlab.com, you must
also set the `saas_group` variable to specify the group path where resources will be created.
This is an example that configures a SaaS gitlab instance using `my_group/gcp` as default group :
@@ -157,7 +157,7 @@ projects = {
}
}
group = "org-admins"
- populate_from = "../../stages/0-bootstrap"
+ populate_from = "../../stages/0-org-setup"
workflow_file = "bootstrap-workflow.yaml"
}
fast_01_resman = {
@@ -211,7 +211,7 @@ projects = {
}
}
group = "org-admins"
- populate_from = "../../stages/0-bootstrap"
+ populate_from = "../../stages/0-org-setup"
populate_sample = true
workflow_file = "bootstrap-workflow.yaml"
}
@@ -266,7 +266,7 @@ projects = {
}
}
group = "org-admins"
- populate_from = "../../stages/0-bootstrap"
+ populate_from = "../../stages/0-org-setup"
populate_sample = true
workflow_file = "bootstrap-workflow.yaml"
}
@@ -348,7 +348,7 @@ An optional variable `commit_config` can be used to configure the author, email,
and message used in commits for the initial population of files. Its defaults
are probably fine for most use cases.
-## How to run this stage:
+## How to run this stage
Connect to Gitlab as root user and create a personal access token with permissions as per the [gitlab provider credentials](#gitlab-provider-credentials).
Set the newly created personal access as `gitlab_config.access_token` variable
@@ -358,11 +358,11 @@ and then issue the following commands:
gcloud storage cp gs://${prefix}-prod-iac-core-outputs-0/workflows/*-workflow.yaml ./workflows/
```
-This will download Gitlab CICD workflow files generated during 0-bootstrap stage
+This will download Gitlab CICD workflow files generated during 0-org-setup stage
on the local .workflows directory for later being uploaded on the new Gitlab
projects.
-Set `http_proxy` and `https_proxy` env vars to http://localhost:3128 and then
+Set `http_proxy` and `https_proxy` env vars to and then
run:
```bash
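Review bot: the rewritten proxy sentence lost its value: `Set http_proxy and https_proxy env vars to and then` no longer says what to set them to, where the removed line had `http://localhost:3128`. This looks like an accidental deletion rather than part of the rename; restore the URL, or state where the proxy address comes from, so the step stays actionable. Separately, the context says the files land in "the local .workflows directory" while the command above copies them to `./workflows/`; align the two.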
@@ -386,7 +386,6 @@ terraform init.
Try to create a merge request to trigger a CI pipeline on one of FAST stages and
check if the plan pipeline executes successfully.
-
## Files
diff --git a/fast/stages.png b/fast/stages.png
old mode 100644
new mode 100755
index 6a87016c1..817465aca
Binary files a/fast/stages.png and b/fast/stages.png differ
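Review bot: `fast/stages.png` changes mode from 100644 to 100755, which marks an image as executable. Nothing in a stage rename needs that; reset it with `git update-index --chmod=-x fast/stages.png` so the change to this file is limited to the image content.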
diff --git a/fast/stages/0-bootstrap/.fast-stage.env b/fast/stages/0-bootstrap/.fast-stage.env
deleted file mode 100644
index c739edfc8..000000000
--- a/fast/stages/0-bootstrap/.fast-stage.env
+++ /dev/null
@@ -1,5 +0,0 @@
-FAST_STAGE_DESCRIPTION="FAST Bootstrap."
-FAST_STAGE_LEVEL=0
-FAST_STAGE_NAME=bootstrap
-# FAST_STAGE_DEPS="0-globals 0-bootstrap"
-# FAST_STAGE_OPTIONAL=""
\ No newline at end of file
diff --git a/fast/stages/0-org-setup/.fast-stage.env b/fast/stages/0-org-setup/.fast-stage.env
new file mode 100644
index 000000000..a90ccf7f6
--- /dev/null
+++ b/fast/stages/0-org-setup/.fast-stage.env
@@ -0,0 +1,5 @@
+FAST_STAGE_DESCRIPTION="FAST Organization Setup"
+FAST_STAGE_LEVEL=0
+FAST_STAGE_NAME=org-setup
+# FAST_STAGE_DEPS="0-globals 0-org-setup"
+# FAST_STAGE_OPTIONAL=""
\ No newline at end of file
diff --git a/fast/stages/0-bootstrap/README.md b/fast/stages/0-org-setup/README.md
similarity index 96%
rename from fast/stages/0-bootstrap/README.md
rename to fast/stages/0-org-setup/README.md
index 9a8ba9046..ef432e2d7 100644
--- a/fast/stages/0-bootstrap/README.md
+++ b/fast/stages/0-org-setup/README.md
@@ -73,7 +73,7 @@ The `factories_config` variable points to several paths containing the YAML conf
If you are fine with this configuration nothing needs to be changed at this stage. To select a different setup create a `tfvars` file and set paths to the desired data folder, like shown in the example below. The different configurations produced by each fileset are described [later in this document](#default-factory-datasets).
```bash
-# create a file named 0-bootstrap.auto.tfvars containing the following
+# create a file named 0-org-setup.auto.tfvars containing the following
# and replace paths by pointing them to the desired data folder
factories_config = {
billing_accounts = "data/billing-accounts"
@@ -163,7 +163,7 @@ compute.disableSerialPortAccess - SET
```
```tfvars
-# create or edit the 0-bootstrap.auto.tfvars.file
+# create or edit the 0-org-setup.auto.tfvars.file
org_policies_imports = [
'iam.allowedPolicyMemberDomains',
'compute.disableSerialPortAccess'
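Review bot: the touched comment still says `0-org-setup.auto.tfvars.file`, with a stray dot before "file"; since the line is being edited anyway, make it `0-org-setup.auto.tfvars file` (the `outputs_location` snippet in the next hunk has the same wording). The context lines below also quote the constraint names with single quotes, which Terraform's HCL does not accept for strings, so the sample fails to parse if copied as is; use double quotes.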
@@ -181,7 +181,7 @@ These files are only persisted by default on a special outputs bucket, but can a
To enable local output files storage, set the `outputs_location` variable in your tfvars file to a filesystem path dedicated to this organization's output files. The following snippet provides an example.
```tfvars
-# create or edit the 0-bootstrap.auto.tfvars.file
+# create or edit the 0-org-setup.auto.tfvars.file
outputs_location = "~/fast-configs/test-0"
```
@@ -200,33 +200,33 @@ When the first apply cycle has completed successfully, you are ready to switch T
The first step is to link the generated provider file, either copying it from the GCS bucket or linking it from the local path if it has been configured in the previous step.
-The instructions also assume that you have moved the `0-bootstrap.auto.tfvars` file (if you have one) to the GCS bucket or the local config files. This is good practice in order to have the tfvars file persisted, either via GCS or by committing it to a repository with the source code in a dedicated config folder. The file needs to be copied or moved by hand. Alternatively, the last copy/link command can be ignored.
+The instructions also assume that you have moved the `0-org-setup.auto.tfvars` file (if you have one) to the GCS bucket or the local config files. This is good practice in order to have the tfvars file persisted, either via GCS or by committing it to a repository with the source code in a dedicated config folder. The file needs to be copied or moved by hand. Alternatively, the last copy/link command can be ignored.
If local output files are available adjust the path, run the script, then copy/paste the resulting commands.
```bash
# if local outputs file are available
../fast-links.sh ~/fast-configs/test-0
-# File linking commands for FAST Bootstrap. stage
+# File linking commands for FAST Organization Setup stage
# provider file
-ln -s /home/user/fast-configs/test-0/providers/0-bootstrap-providers.tf ./
+ln -s /home/user/fast-configs/test-0/providers/0-org-setup-providers.tf ./
# conventional location for this stage terraform.tfvars (manually managed)
-ln -s /home/user/fast-configs/test-0/0-bootstrap.auto.tfvars ./
+ln -s /home/user/fast-configs/test-0/0-org-setup.auto.tfvars ./
```
-If you did not configure local output files use the GCS bucket to fetch output files. The bucket name can be derived from the `tfvars.bootstrap.automation.outputs_bucket` Terraform output. Adjust the path, run the script, then copy/paste the resulting commands.
+If you did not configure local output files use the GCS bucket to fetch output files. The bucket name can be derived from the `tfvars.org_setup.automation.outputs_bucket` Terraform output. Adjust the path, run the script, then copy/paste the resulting commands.
```bash
../fast-links.sh gs://test0-prod-iac-core-0-iac-outputs
-# File linking commands for FAST Bootstrap. stage
+# File linking commands for FAST Organization Setup stage
# provider file
-gcloud storage cp gs://test0-prod-iac-core-0-iac-outputs/providers/0-bootstrap-providers.tf ./
+gcloud storage cp gs://test0-prod-iac-core-0-iac-outputs/providers/0-org-setup-providers.tf ./
# conventional location for this stage terraform.tfvars (manually managed)
-gcloud storage cp gs://test0-prod-iac-core-0-iac-outputs/0-bootstrap.auto.tfvars ./
+gcloud storage cp gs://test0-prod-iac-core-0-iac-outputs/0-org-setup.auto.tfvars ./
```
Once the provider file has been setup, migrate local state to the GCS backend and re-run apply.
@@ -294,7 +294,7 @@ The prerequisite configuration for this stage is done via a `defaults.yaml` file
This is a commented example of a defaults file, showing a minimal working configuration. Refer to the YAML schema for all available options.
```yaml
-# global defaults used by bootstrap and persisted in the globals output file
+# global defaults used by org setup and persisted in the globals output file
global:
# billing account also set as default in the internal project factory
billing_account: 123456-123456-123456
@@ -323,9 +323,9 @@ output_files:
storage_bucket: $storage_buckets:iac-0/iac-outputs
# FAST stage provider files (supports context interpolation)
providers:
- 0-bootstrap:
- bucket: $storage_buckets:iac-0/iac-bootstrap-state
- service_account: $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
+ 0-org-setup:
+ bucket: $storage_buckets:iac-0/iac-org-state
+ service_account: $iam_principals:service_accounts/iac-0/iac-org-rw
# [...]
# static values added to context interpolation tables and used in factories
context:
@@ -365,10 +365,10 @@ iam_bindings_additive:
role: roles/billing.admin
# statically defined principal (via defaults.yaml)
member: $iam_principals:gcp-organization-admins
- billing_admin_bootstrap_sa:
+ billing_admin_org_sa:
role: roles/billing.admin
# internally managed principal (project factory service account)
- member: $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
+ member: $iam_principals:service_accounts/iac-0/iac-org-rw
logging_sinks:
test:
description: Test sink
@@ -404,7 +404,7 @@ iam_by_principals:
- roles/compute.osAdminLogin
# [...]
# internally managed principal (project factory service account)
- $iam_principals:service_accounts/iac-0/iac-bootstrap-rw:
+ $iam_principals:service_accounts/iac-0/iac-org-rw:
- roles/accesscontextmanager.policyAdmin
- roles/cloudasset.viewer
- roles/essentialcontacts.admin
@@ -555,24 +555,24 @@ workload_identity_federation:
# audiences: []
# jwks_json_path:
workflows:
- bootstrap:
+ org_setup:
template: github
workload_identity_provider:
id: $wif_providers:github
audiences: []
repository:
- name: bootstrap
+ name: org-setup
branch: main
output_files:
storage_bucket: $storage_buckets:iac-0/iac-outputs
providers:
- apply: $output_files:providers/0-bootstrap
- plan: $output_files:providers/0-bootstrap-ro
+ apply: $output_files:providers/0-org-setup
+ plan: $output_files:providers/0-org-setup-ro
files:
- tfvars/0-boostrap.auto.tfvars.json
service_accounts:
- apply: $iam_principals:service_accounts/iac-0/iac-bootstrap-cicd-rw
- plan: $iam_principals:service_accounts/iac-0/iac-bootstrap-cicd-ro
+ apply: $iam_principals:service_accounts/iac-0/iac-org-cicd-rw
+ plan: $iam_principals:service_accounts/iac-0/iac-org-cicd-ro
```
## Leveraging classic FAST Stages
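Review bot: the `files:` entry in the sample workflow is left as `tfvars/0-boostrap.auto.tfvars.json`, which was already misspelled and now also carries the old stage name; it should presumably become `tfvars/0-org-setup.auto.tfvars.json` to match the other renames. The sample also diverges from `data/cicd.yaml` in this same change: here the workflow key is `org_setup` and the providers are `providers/0-org-setup` and `providers/0-org-setup-ro`, while the data file uses `org-setup`, `providers/0-org` and `providers/0-org-ro`. Pick one spelling so the README example matches the shipped dataset.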
diff --git a/fast/stages/0-bootstrap/WORKLOG.md b/fast/stages/0-org-setup/WORKLOG.md
similarity index 100%
rename from fast/stages/0-bootstrap/WORKLOG.md
rename to fast/stages/0-org-setup/WORKLOG.md
diff --git a/fast/stages/0-bootstrap/assets/providers.tf.tpl b/fast/stages/0-org-setup/assets/providers.tf.tpl
similarity index 100%
rename from fast/stages/0-bootstrap/assets/providers.tf.tpl
rename to fast/stages/0-org-setup/assets/providers.tf.tpl
diff --git a/fast/stages/0-bootstrap/assets/workflow-github.yaml b/fast/stages/0-org-setup/assets/workflow-github.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/assets/workflow-github.yaml
rename to fast/stages/0-org-setup/assets/workflow-github.yaml
diff --git a/fast/stages/0-bootstrap/assets/workflow-gitlab.yaml b/fast/stages/0-org-setup/assets/workflow-gitlab.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/assets/workflow-gitlab.yaml
rename to fast/stages/0-org-setup/assets/workflow-gitlab.yaml
diff --git a/fast/stages/0-bootstrap/billing.tf b/fast/stages/0-org-setup/billing.tf
similarity index 100%
rename from fast/stages/0-bootstrap/billing.tf
rename to fast/stages/0-org-setup/billing.tf
diff --git a/fast/stages/0-bootstrap/cicd.tf b/fast/stages/0-org-setup/cicd.tf
similarity index 100%
rename from fast/stages/0-bootstrap/cicd.tf
rename to fast/stages/0-org-setup/cicd.tf
diff --git a/fast/stages/0-bootstrap/data/billing-accounts/default.yaml b/fast/stages/0-org-setup/data/billing-accounts/default.yaml
similarity index 94%
rename from fast/stages/0-bootstrap/data/billing-accounts/default.yaml
rename to fast/stages/0-org-setup/data/billing-accounts/default.yaml
index 492dcda1d..3fcef0936 100644
--- a/fast/stages/0-bootstrap/data/billing-accounts/default.yaml
+++ b/fast/stages/0-org-setup/data/billing-accounts/default.yaml
@@ -24,9 +24,9 @@ iam_bindings_additive:
billing_admin_org_admins:
role: roles/billing.admin
member: $iam_principals:gcp-organization-admins
- billing_admin_bootstrap_sa:
+ billing_admin_org_sa:
role: roles/billing.admin
- member: $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
+ member: $iam_principals:service_accounts/iac-0/iac-org-rw
billing_user_security_sa:
role: roles/billing.user
member: $iam_principals:service_accounts/iac-0/iac-security-rw
diff --git a/fast/stages/0-bootstrap/data/cicd.yaml b/fast/stages/0-org-setup/data/cicd.yaml
similarity index 82%
rename from fast/stages/0-bootstrap/data/cicd.yaml
rename to fast/stages/0-org-setup/data/cicd.yaml
index 43c01ba2c..52040c902 100644
--- a/fast/stages/0-bootstrap/data/cicd.yaml
+++ b/fast/stages/0-org-setup/data/cicd.yaml
@@ -27,21 +27,21 @@ workload_identity_federation:
# audiences: []
# jwks_json_path:
workflows:
- bootstrap:
+ org-setup:
template: github
workload_identity_provider:
id: $wif_providers:github
audiences: []
repository:
- name: bootstrap
+ name: org-setup
branch: main
output_files:
storage_bucket: $storage_buckets:iac-0/iac-outputs
providers:
- apply: $output_files:providers/0-bootstrap
- plan: $output_files:providers/0-bootstrap-ro
+ apply: $output_files:providers/0-org
+ plan: $output_files:providers/0-org-ro
files:
- tfvars/0-boostrap.auto.tfvars.json
service_accounts:
- apply: $iam_principals:service_accounts/iac-0/iac-bootstrap-cicd-rw
- plan: $iam_principals:service_accounts/iac-0/iac-bootstrap-cicd-ro
+ apply: $iam_principals:service_accounts/iac-0/iac-org-cicd-rw
+ plan: $iam_principals:service_accounts/iac-0/iac-org-cicd-ro
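Review bot: `apply: $output_files:providers/0-org` and `plan: $output_files:providers/0-org-ro` do not match the provider keys defined in `data/defaults.yaml` in this same change, which are `0-org-setup` and `0-org-setup-ro`, so these references look like they will not resolve. Use `providers/0-org-setup` and `providers/0-org-setup-ro`, as the README sample does. The unchanged `tfvars/0-boostrap.auto.tfvars.json` entry under `files:` also needs the rename and the spelling fix.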
diff --git a/fast/stages/0-bootstrap/data/defaults.yaml b/fast/stages/0-org-setup/data/defaults.yaml
similarity index 93%
rename from fast/stages/0-bootstrap/data/defaults.yaml
rename to fast/stages/0-org-setup/data/defaults.yaml
index 8499fc807..922affe38 100644
--- a/fast/stages/0-bootstrap/data/defaults.yaml
+++ b/fast/stages/0-org-setup/data/defaults.yaml
@@ -41,12 +41,12 @@ output_files:
local_path: ~/fast-config/fast-test-00
storage_bucket: $storage_buckets:iac-0/iac-outputs
providers:
- 0-bootstrap:
- bucket: $storage_buckets:iac-0/iac-bootstrap-state
- service_account: $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
- 0-bootstrap-ro:
- bucket: $storage_buckets:iac-0/iac-bootstrap-state
- service_account: $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
+ 0-org-setup:
+ bucket: $storage_buckets:iac-0/iac-org-state
+ service_account: $iam_principals:service_accounts/iac-0/iac-org-rw
+ 0-org-setup-ro:
+ bucket: $storage_buckets:iac-0/iac-org-state
+ service_account: $iam_principals:service_accounts/iac-0/iac-org-rw
1-vpcsc:
bucket: $storage_buckets:iac-0/iac-stage-state
prefix: 1-vpcsc
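Review bot: the `0-org-setup-ro` provider is given `service_account: $iam_principals:service_accounts/iac-0/iac-org-rw`, the same read-write identity as `0-org-setup`, so a plan-only run through the read-only provider file would still impersonate the account that can apply changes. The organization config in this change grants viewer roles to a separate `iac-org-ro` account; point the `-ro` provider at that one. This is carried over from the old `0-bootstrap-ro` entry, but the rename is a good place to fix it. The bucket key also changes from `iac-bootstrap-state` to `iac-org-state`, so the upgrade notes should say whether existing deployments keep their current state bucket.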
diff --git a/fast/stages/0-bootstrap/data/folders/data-platform/.config.yaml b/fast/stages/0-org-setup/data/folders/data-platform/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/data-platform/.config.yaml
rename to fast/stages/0-org-setup/data/folders/data-platform/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/folders/data-platform/dev/.config.yaml b/fast/stages/0-org-setup/data/folders/data-platform/dev/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/data-platform/dev/.config.yaml
rename to fast/stages/0-org-setup/data/folders/data-platform/dev/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/folders/data-platform/prod/.config.yaml b/fast/stages/0-org-setup/data/folders/data-platform/prod/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/data-platform/prod/.config.yaml
rename to fast/stages/0-org-setup/data/folders/data-platform/prod/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/folders/networking/.config.yaml b/fast/stages/0-org-setup/data/folders/networking/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/networking/.config.yaml
rename to fast/stages/0-org-setup/data/folders/networking/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/folders/networking/dev/.config.yaml b/fast/stages/0-org-setup/data/folders/networking/dev/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/networking/dev/.config.yaml
rename to fast/stages/0-org-setup/data/folders/networking/dev/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/folders/networking/prod/.config.yaml b/fast/stages/0-org-setup/data/folders/networking/prod/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/networking/prod/.config.yaml
rename to fast/stages/0-org-setup/data/folders/networking/prod/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/folders/security/.config.yaml b/fast/stages/0-org-setup/data/folders/security/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/security/.config.yaml
rename to fast/stages/0-org-setup/data/folders/security/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/folders/teams/.config.yaml b/fast/stages/0-org-setup/data/folders/teams/.config.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/folders/teams/.config.yaml
rename to fast/stages/0-org-setup/data/folders/teams/.config.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/.config.yaml b/fast/stages/0-org-setup/data/organization/.config.yaml
similarity index 97%
rename from fast/stages/0-bootstrap/data/organization/.config.yaml
rename to fast/stages/0-org-setup/data/organization/.config.yaml
index f323d6397..0720780f5 100644
--- a/fast/stages/0-bootstrap/data/organization/.config.yaml
+++ b/fast/stages/0-org-setup/data/organization/.config.yaml
@@ -52,7 +52,7 @@ iam_by_principals:
- roles/resourcemanager.projectCreator
- roles/resourcemanager.tagAdmin
- roles/iam.workforcePoolAdmin
- $iam_principals:service_accounts/iac-0/iac-bootstrap-rw:
+ $iam_principals:service_accounts/iac-0/iac-org-rw:
- roles/accesscontextmanager.policyAdmin
- roles/cloudasset.viewer
- roles/essentialcontacts.admin
@@ -66,7 +66,7 @@ iam_by_principals:
- roles/resourcemanager.projectMover
- roles/resourcemanager.tagAdmin
- roles/resourcemanager.tagUser
- $iam_principals:service_accounts/iac-0/iac-bootstrap-ro:
+ $iam_principals:service_accounts/iac-0/iac-org-ro:
- roles/cloudasset.viewer
- roles/essentialcontacts.viewer
- roles/iam.organizationRoleViewer
diff --git a/fast/stages/0-bootstrap/data/organization/custom-constraints/accesscontextmanager.yaml b/fast/stages/0-org-setup/data/organization/custom-constraints/accesscontextmanager.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-constraints/accesscontextmanager.yaml
rename to fast/stages/0-org-setup/data/organization/custom-constraints/accesscontextmanager.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-constraints/gke.yaml b/fast/stages/0-org-setup/data/organization/custom-constraints/gke.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-constraints/gke.yaml
rename to fast/stages/0-org-setup/data/organization/custom-constraints/gke.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-roles/network_firewall_policies_admin.yaml b/fast/stages/0-org-setup/data/organization/custom-roles/network_firewall_policies_admin.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-roles/network_firewall_policies_admin.yaml
rename to fast/stages/0-org-setup/data/organization/custom-roles/network_firewall_policies_admin.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-roles/organization_admin_viewer.yaml b/fast/stages/0-org-setup/data/organization/custom-roles/organization_admin_viewer.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-roles/organization_admin_viewer.yaml
rename to fast/stages/0-org-setup/data/organization/custom-roles/organization_admin_viewer.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-roles/organization_iam_admin.yaml b/fast/stages/0-org-setup/data/organization/custom-roles/organization_iam_admin.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-roles/organization_iam_admin.yaml
rename to fast/stages/0-org-setup/data/organization/custom-roles/organization_iam_admin.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-roles/project_iam_viewer.yaml b/fast/stages/0-org-setup/data/organization/custom-roles/project_iam_viewer.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-roles/project_iam_viewer.yaml
rename to fast/stages/0-org-setup/data/organization/custom-roles/project_iam_viewer.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-roles/service_project_network_admin.yaml b/fast/stages/0-org-setup/data/organization/custom-roles/service_project_network_admin.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-roles/service_project_network_admin.yaml
rename to fast/stages/0-org-setup/data/organization/custom-roles/service_project_network_admin.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-roles/storage_viewer.yaml b/fast/stages/0-org-setup/data/organization/custom-roles/storage_viewer.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-roles/storage_viewer.yaml
rename to fast/stages/0-org-setup/data/organization/custom-roles/storage_viewer.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/custom-roles/tag_viewer.yaml b/fast/stages/0-org-setup/data/organization/custom-roles/tag_viewer.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/custom-roles/tag_viewer.yaml
rename to fast/stages/0-org-setup/data/organization/custom-roles/tag_viewer.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/accesscontextmanager.yaml b/fast/stages/0-org-setup/data/organization/org-policies/accesscontextmanager.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/accesscontextmanager.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/accesscontextmanager.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/cloudbuild.yaml b/fast/stages/0-org-setup/data/organization/org-policies/cloudbuild.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/cloudbuild.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/cloudbuild.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/compute.yaml b/fast/stages/0-org-setup/data/organization/org-policies/compute.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/compute.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/compute.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/essentialcontacts.yaml b/fast/stages/0-org-setup/data/organization/org-policies/essentialcontacts.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/essentialcontacts.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/essentialcontacts.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/gcp.yaml b/fast/stages/0-org-setup/data/organization/org-policies/gcp.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/gcp.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/gcp.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/gke.yaml b/fast/stages/0-org-setup/data/organization/org-policies/gke.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/gke.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/gke.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/iam.yaml b/fast/stages/0-org-setup/data/organization/org-policies/iam.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/iam.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/iam.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/serverless.yaml b/fast/stages/0-org-setup/data/organization/org-policies/serverless.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/serverless.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/serverless.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/sql.yaml b/fast/stages/0-org-setup/data/organization/org-policies/sql.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/sql.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/sql.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/org-policies/storage.yaml b/fast/stages/0-org-setup/data/organization/org-policies/storage.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/org-policies/storage.yaml
rename to fast/stages/0-org-setup/data/organization/org-policies/storage.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/tags/context.yaml b/fast/stages/0-org-setup/data/organization/tags/context.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/tags/context.yaml
rename to fast/stages/0-org-setup/data/organization/tags/context.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/tags/environment.yaml b/fast/stages/0-org-setup/data/organization/tags/environment.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/tags/environment.yaml
rename to fast/stages/0-org-setup/data/organization/tags/environment.yaml
diff --git a/fast/stages/0-bootstrap/data/organization/tags/org-policies.yaml b/fast/stages/0-org-setup/data/organization/tags/org-policies.yaml
similarity index 100%
rename from fast/stages/0-bootstrap/data/organization/tags/org-policies.yaml
rename to fast/stages/0-org-setup/data/organization/tags/org-policies.yaml
diff --git a/fast/stages/0-bootstrap/data/projects/core/iac-0.yaml b/fast/stages/0-org-setup/data/projects/core/iac-0.yaml
similarity index 87%
rename from fast/stages/0-bootstrap/data/projects/core/iac-0.yaml
rename to fast/stages/0-org-setup/data/projects/core/iac-0.yaml
index 118196d71..6d810c0b7 100644
--- a/fast/stages/0-bootstrap/data/projects/core/iac-0.yaml
+++ b/fast/stages/0-org-setup/data/projects/core/iac-0.yaml
@@ -20,14 +20,14 @@ iam_by_principals:
$iam_principals:gcp-organization-admins:
- roles/iam.serviceAccountTokenCreator
- roles/iam.workloadIdentityPoolAdmin
- $iam_principals:service_accounts/iac-0/iac-bootstrap-ro:
+ $iam_principals:service_accounts/iac-0/iac-org-ro:
- roles/browser
- roles/cloudbuild.builds.viewer
- roles/iam.serviceAccountViewer
- roles/iam.workloadIdentityPoolViewer
- $custom_roles:storage_viewer
- roles/viewer
- $iam_principals:service_accounts/iac-0/iac-bootstrap-rw:
+ $iam_principals:service_accounts/iac-0/iac-org-rw:
- roles/cloudbuild.builds.editor
- roles/iam.serviceAccountAdmin
- roles/iam.workloadIdentityPoolAdmin
@@ -71,13 +71,13 @@ org_policies:
- https://app.terraform.io
buckets:
# Terraform state bucket for this stage
- iac-bootstrap-state:
+ iac-org-state:
description: Terraform state for the org-level automation.
iam:
roles/storage.admin:
- - $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
+ - $iam_principals:service_accounts/iac-0/iac-org-rw
$custom_roles:storage_viewer:
- - $iam_principals:service_accounts/iac-0/iac-bootstrap-ro
+ - $iam_principals:service_accounts/iac-0/iac-org-ro
# Terraform state bucket for additional FAST stages
iac-stage-state:
description: Terraform state for stage automation.
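Review bot: The key change from `iac-bootstrap-state` to `iac-org-state` touches the bucket that holds this stage's own Terraform state, and nothing in the hunk says how an existing installation is expected to migrate. If the bucket name is derived from the key, the next apply on a deployed organization would plan to replace the bucket the running state lives in. Suggest either documenting the state migration steps next to this rename or keeping the existing bucket name through an explicit name override for upgraded installations.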
@@ -117,14 +117,14 @@ buckets:
description: Terraform state for the org-level automation.
iam:
roles/storage.admin:
- - $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
+ - $iam_principals:service_accounts/iac-0/iac-org-rw
- $iam_principals:service_accounts/iac-0/iac-dp-dev-rw
- $iam_principals:service_accounts/iac-0/iac-networking-rw
- $iam_principals:service_accounts/iac-0/iac-security-rw
- $iam_principals:service_accounts/iac-0/iac-pf-rw
- $iam_principals:service_accounts/iac-0/iac-vpcsc-rw
$custom_roles:storage_viewer:
- - $iam_principals:service_accounts/iac-0/iac-bootstrap-ro
+ - $iam_principals:service_accounts/iac-0/iac-org-ro
- $iam_principals:service_accounts/iac-0/iac-dp-dev-ro
- $iam_principals:service_accounts/iac-0/iac-networking-ro
- $iam_principals:service_accounts/iac-0/iac-security-ro
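Review bot: While this bucket's bindings are being edited, `roles/storage.admin` is granted to every stage's read-write account (`iac-org-rw`, `iac-dp-dev-rw`, `iac-networking-rw`, `iac-security-rw`, `iac-pf-rw`, `iac-vpcsc-rw`), which lets any one of them change the bucket's IAM policy and read or overwrite what the other stages store there. If these accounts only need to write their own objects, `roles/storage.objectAdmin` would be a tighter grant. The description at the top of the hunk, "Terraform state for the org-level automation.", is also identical to the one on `iac-org-state` although this bucket is shared by all stages, so it looks copy-pasted and worth correcting in the same change.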
@@ -132,20 +132,20 @@ buckets:
- $iam_principals:service_accounts/iac-0/iac-vpcsc-ro
service_accounts:
# IaC service accounts for this stage
- iac-bootstrap-ro:
- display_name: IaC service account for bootstrap (read-only).
- iac-bootstrap-rw:
- display_name: IaC service account for bootstrap (read-write).
+ iac-org-ro:
+ display_name: IaC service account for org setup (read-only).
+ iac-org-rw:
+ display_name: IaC service account for org setup (read-write).
# CI/CD service accounts for this stage
- iac-bootstrap-cicd-ro:
- display_name: IaC service account for bootstrap CI/CD (read-only).
+ iac-org-cicd-ro:
+ display_name: IaC service account for org setup CI/CD (read-only).
iam_sa_roles:
- $service_account_ids:iac-0/iac-bootstrap-ro:
+ $service_account_ids:iac-0/iac-org-ro:
- roles/iam.workloadIdentityUser
- iac-bootstrap-cicd-rw:
- display_name: IaC service account for bootstrap CI/CD (read-write).
+ iac-org-cicd-rw:
+ display_name: IaC service account for org setup CI/CD (read-write).
iam_sa_roles:
- $service_account_ids:iac-0/iac-bootstrap-rw:
+ $service_account_ids:iac-0/iac-org-rw:
- roles/iam.workloadIdentityUser
# IaC service accounts for vpc-sc stage
iac-vpcsc-ro:
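Review bot: The four keys under `service_accounts` are renamed (`iac-org-ro`, `iac-org-rw`, `iac-org-cicd-ro`, `iac-org-cicd-rw`) without any upgrade note, and if account ids are derived from these keys an existing installation gets new identities and loses the old ones on the next apply. External CI/CD configuration that still names the old `iac-bootstrap-cicd-ro` or `iac-bootstrap-cicd-rw` accounts would then fail to impersonate anything. Suggest adding a migration note listing the old and new account names, and checking after the upgrade that no IAM bindings remain for the deleted `iac-bootstrap-*` accounts.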
diff --git a/fast/stages/0-bootstrap/data/projects/core/log-0.yaml b/fast/stages/0-org-setup/data/projects/core/log-0.yaml
similarity index 88%
rename from fast/stages/0-bootstrap/data/projects/core/log-0.yaml
rename to fast/stages/0-org-setup/data/projects/core/log-0.yaml
index 8d7066d57..8ad177378 100644
--- a/fast/stages/0-bootstrap/data/projects/core/log-0.yaml
+++ b/fast/stages/0-org-setup/data/projects/core/log-0.yaml
@@ -16,9 +16,9 @@
name: prod-audit-logs-0
iam_by_principals:
- $iam_principals:service_accounts/iac-0/iac-bootstrap-ro:
+ $iam_principals:service_accounts/iac-0/iac-org-ro:
- roles/viewer
- $iam_principals:service_accounts/iac-0/iac-bootstrap-rw:
+ $iam_principals:service_accounts/iac-0/iac-org-rw:
- roles/owner
services:
- logging.googleapis.com
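Review bot: The renamed `iac-org-rw` principal keeps `roles/owner` on the `prod-audit-logs-0` project, so the same automation identity that administers the organization can also delete or reconfigure the audit log destination. Since the binding is being rewritten anyway, consider replacing `roles/owner` with the specific roles the stage needs on this project (for example `roles/logging.admin` plus whatever the log sinks' destinations require), so a compromised pipeline cannot remove its own audit trail.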
diff --git a/fast/stages/0-bootstrap/diagram-classic-fast.png b/fast/stages/0-org-setup/diagram-classic-fast.png
similarity index 100%
rename from fast/stages/0-bootstrap/diagram-classic-fast.png
rename to fast/stages/0-org-setup/diagram-classic-fast.png
diff --git a/fast/stages/0-bootstrap/factory.tf b/fast/stages/0-org-setup/factory.tf
similarity index 100%
rename from fast/stages/0-bootstrap/factory.tf
rename to fast/stages/0-org-setup/factory.tf
diff --git a/fast/stages/0-bootstrap/fast_version.txt b/fast/stages/0-org-setup/fast_version.txt
similarity index 100%
rename from fast/stages/0-bootstrap/fast_version.txt
rename to fast/stages/0-org-setup/fast_version.txt
diff --git a/fast/stages/0-bootstrap/imports.tf b/fast/stages/0-org-setup/imports.tf
similarity index 100%
rename from fast/stages/0-bootstrap/imports.tf
rename to fast/stages/0-org-setup/imports.tf
diff --git a/fast/stages/0-bootstrap/main.tf b/fast/stages/0-org-setup/main.tf
similarity index 100%
rename from fast/stages/0-bootstrap/main.tf
rename to fast/stages/0-org-setup/main.tf
diff --git a/fast/stages/0-bootstrap/organization.tf b/fast/stages/0-org-setup/organization.tf
similarity index 100%
rename from fast/stages/0-bootstrap/organization.tf
rename to fast/stages/0-org-setup/organization.tf
diff --git a/fast/stages/0-bootstrap/output-files.tf b/fast/stages/0-org-setup/output-files.tf
similarity index 99%
rename from fast/stages/0-bootstrap/output-files.tf
rename to fast/stages/0-org-setup/output-files.tf
index e392c4cb7..b2990ca01 100644
--- a/fast/stages/0-bootstrap/output-files.tf
+++ b/fast/stages/0-org-setup/output-files.tf
@@ -52,7 +52,7 @@ locals {
}
prefix = local.defaults.prefix
}
- bootstrap = {
+ org-setup = {
automation = {
outputs_bucket = local.of_outputs_bucket
}
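Review bot: The map key changes from `bootstrap` to `org-setup`, but this is the only edited line in the file (similarity 99%) and `main.tf`, `outputs.tf`, `factory.tf` and `organization.tf` are renamed at 100% similarity, so any expression in those files that reads this map by its old `bootstrap` key was not updated. Please confirm there are no such lookups left. The new key is also the only hyphenated identifier next to snake_case names such as `outputs_bucket` and `of_outputs_bucket`; if it has to be hyphenated to produce the `0-org-setup` file name, a short comment saying so would help.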
diff --git a/fast/stages/0-bootstrap/outputs.tf b/fast/stages/0-org-setup/outputs.tf
similarity index 100%
rename from fast/stages/0-bootstrap/outputs.tf
rename to fast/stages/0-org-setup/outputs.tf
diff --git a/fast/stages/0-bootstrap/schemas/billing-account.schema.json b/fast/stages/0-org-setup/schemas/billing-account.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/billing-account.schema.json
rename to fast/stages/0-org-setup/schemas/billing-account.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/billing-account.schema.md b/fast/stages/0-org-setup/schemas/billing-account.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/billing-account.schema.md
rename to fast/stages/0-org-setup/schemas/billing-account.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/budget.schema.json b/fast/stages/0-org-setup/schemas/budget.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/budget.schema.json
rename to fast/stages/0-org-setup/schemas/budget.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/budget.schema.md b/fast/stages/0-org-setup/schemas/budget.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/budget.schema.md
rename to fast/stages/0-org-setup/schemas/budget.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/cicd.schema.json b/fast/stages/0-org-setup/schemas/cicd.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/cicd.schema.json
rename to fast/stages/0-org-setup/schemas/cicd.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/cicd.schema.md b/fast/stages/0-org-setup/schemas/cicd.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/cicd.schema.md
rename to fast/stages/0-org-setup/schemas/cicd.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/custom-constraint.schema.json b/fast/stages/0-org-setup/schemas/custom-constraint.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/custom-constraint.schema.json
rename to fast/stages/0-org-setup/schemas/custom-constraint.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/custom-constraint.schema.md b/fast/stages/0-org-setup/schemas/custom-constraint.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/custom-constraint.schema.md
rename to fast/stages/0-org-setup/schemas/custom-constraint.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/custom-role.schema.json b/fast/stages/0-org-setup/schemas/custom-role.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/custom-role.schema.json
rename to fast/stages/0-org-setup/schemas/custom-role.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/custom-role.schema.md b/fast/stages/0-org-setup/schemas/custom-role.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/custom-role.schema.md
rename to fast/stages/0-org-setup/schemas/custom-role.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/defaults.schema.json b/fast/stages/0-org-setup/schemas/defaults.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/defaults.schema.json
rename to fast/stages/0-org-setup/schemas/defaults.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/defaults.schema.md b/fast/stages/0-org-setup/schemas/defaults.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/defaults.schema.md
rename to fast/stages/0-org-setup/schemas/defaults.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/folder.schema.json b/fast/stages/0-org-setup/schemas/folder.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/folder.schema.json
rename to fast/stages/0-org-setup/schemas/folder.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/folder.schema.md b/fast/stages/0-org-setup/schemas/folder.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/folder.schema.md
rename to fast/stages/0-org-setup/schemas/folder.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/org-policies.schema.json b/fast/stages/0-org-setup/schemas/org-policies.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/org-policies.schema.json
rename to fast/stages/0-org-setup/schemas/org-policies.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/org-policies.schema.md b/fast/stages/0-org-setup/schemas/org-policies.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/org-policies.schema.md
rename to fast/stages/0-org-setup/schemas/org-policies.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/organization.schema.json b/fast/stages/0-org-setup/schemas/organization.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/organization.schema.json
rename to fast/stages/0-org-setup/schemas/organization.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/organization.schema.md b/fast/stages/0-org-setup/schemas/organization.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/organization.schema.md
rename to fast/stages/0-org-setup/schemas/organization.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/project.schema.json b/fast/stages/0-org-setup/schemas/project.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/project.schema.json
rename to fast/stages/0-org-setup/schemas/project.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/project.schema.md b/fast/stages/0-org-setup/schemas/project.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/project.schema.md
rename to fast/stages/0-org-setup/schemas/project.schema.md
diff --git a/fast/stages/0-bootstrap/schemas/tags.schema.json b/fast/stages/0-org-setup/schemas/tags.schema.json
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/tags.schema.json
rename to fast/stages/0-org-setup/schemas/tags.schema.json
diff --git a/fast/stages/0-bootstrap/schemas/tags.schema.md b/fast/stages/0-org-setup/schemas/tags.schema.md
similarity index 100%
rename from fast/stages/0-bootstrap/schemas/tags.schema.md
rename to fast/stages/0-org-setup/schemas/tags.schema.md
diff --git a/fast/stages/0-bootstrap/variables.tf b/fast/stages/0-org-setup/variables.tf
similarity index 100%
rename from fast/stages/0-bootstrap/variables.tf
rename to fast/stages/0-org-setup/variables.tf
diff --git a/fast/stages/0-bootstrap/wif-definitions.tf b/fast/stages/0-org-setup/wif-definitions.tf
similarity index 100%
rename from fast/stages/0-bootstrap/wif-definitions.tf
rename to fast/stages/0-org-setup/wif-definitions.tf
diff --git a/fast/stages/1-resman-legacy/README.md b/fast/stages/1-resman-legacy/README.md
index e915991a5..550f6d872 100644
--- a/fast/stages/1-resman-legacy/README.md
+++ b/fast/stages/1-resman-legacy/README.md
@@ -49,7 +49,7 @@ This split approach allows concise mapping of functional and operational pattern
- team and application resources not subject to centralized management are grouped together, providing a unified view and easy budgeting/cost-allocation
- automation for core resources is segregated via separate service accounts and buckets for each area (shared service, application) effectively minimizing blast radius
-Resource names follow the FAST convention discussed in the [Bootstrap stage documentation](../0-bootstrap/README.md#naming).
+Resource names follow the FAST convention discussed in the [Bootstrap stage documentation](../0-bootstrap-legacy/README.md#naming).
## Resource management primitives
@@ -204,11 +204,11 @@ tags = {
This stage also implements optional support for CI/CD, much in the same way as the bootstrap stage. The only difference is on Workload Identity Federation, which is only configured in bootstrap and made available here via stage interface variables (the automatically generated `.tfvars` files).
-For details on how to configure CI/CD please refer to the [relevant section in the bootstrap stage documentation](../0-bootstrap/README.md#cicd-repositories).
+For details on how to configure CI/CD please refer to the [relevant section in the bootstrap stage documentation](../0-bootstrap-legacy/README.md#cicd-repositories).
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there. The relevant user groups must also exist, but that's one of the requirements for the previous stage too, so if you ran that successfully, you're good to go.
+This stage is meant to be executed after the [bootstrap](../0-bootstrap-legacy) stage has run, as it leverages the automation service account and bucket created there. The relevant user groups must also exist, but that's one of the requirements for the previous stage too, so if you ran that successfully, you're good to go.
It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the bootstrap stage for the actual roles needed.
@@ -216,7 +216,7 @@ Before running this stage, you need to make sure you have the correct credential
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap-legacy/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -232,7 +232,7 @@ ln -s ~/fast-config/fast-test-00/providers/1-resman-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap-legacy.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
ln -s ~/fast-config/fast-test-00/1-resman.auto.tfvars ./
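Review bot: The renamed input file `0-bootstrap-legacy.auto.tfvars.json` gets the `-legacy` suffix while this stage's own files in the same example, `1-resman-providers.tf` and `1-resman.auto.tfvars`, keep the unsuffixed `1-resman` name even though the stage directory is `1-resman-legacy`. Please confirm the legacy bootstrap stage really writes its tfvars under the suffixed name, otherwise users following this README will create a dangling symlink, and state the naming rule once in the README so the mix of suffixed and unsuffixed names is not read as an oversight.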
@@ -250,7 +250,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/1-resman-providers.
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap-legacy.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/1-resman.auto.tfvars ./
@@ -265,10 +265,10 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-bootstrap.auto.tfvars.json` file linked or copied above
+- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-bootstrap-legacy.auto.tfvars.json` file linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap-legacy/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
diff --git a/fast/stages/1-vpcsc/.fast-stage.env b/fast/stages/1-vpcsc/.fast-stage.env
index 40c84f9b6..e781ed432 100644
--- a/fast/stages/1-vpcsc/.fast-stage.env
+++ b/fast/stages/1-vpcsc/.fast-stage.env
@@ -1,5 +1,5 @@
FAST_STAGE_DESCRIPTION="vpc service controls"
FAST_STAGE_LEVEL=1
FAST_STAGE_NAME=vpcsc
-FAST_STAGE_DEPS="0-globals 0-bootstrap"
+FAST_STAGE_DEPS="0-globals 0-org-setup"
# FAST_STAGE_OPTIONAL=""
\ No newline at end of file
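Review bot: The file still ends without a trailing newline after the commented `# FAST_STAGE_OPTIONAL=""` line. Since `FAST_STAGE_DEPS` is being edited here anyway, please add the final newline; tools that append to or concatenate `.fast-stage.env` files would otherwise join the last line with whatever follows.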
diff --git a/fast/stages/1-vpcsc/README.md b/fast/stages/1-vpcsc/README.md
index 0b250abaf..e27d785a9 100644
--- a/fast/stages/1-vpcsc/README.md
+++ b/fast/stages/1-vpcsc/README.md
@@ -83,13 +83,13 @@ Resource discovery can be configured (or turned off if needed) via the `resource
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there. It does not depend from any other stage and no other stage requires it, so it can be run in any order or even skipped entirely.
+This stage is meant to be executed after the [bootstrap](../0-org-setup) stage has run, as it leverages the automation service account and bucket created there. It does not depend from any other stage and no other stage requires it, so it can be run in any order or even skipped entirely.
It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the previous stage for the environment requirements.
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be get from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder or GCS output bucket. The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
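Review bot: The link target in "How to run this stage" now points to `../0-org-setup`, but the label is still `[bootstrap]` and the sentence still says "the bootstrap stage", so the text names a stage that no longer exists under that name. Suggest changing the label and wording to the organization setup stage so that the prose matches the target. The context sentence "It does not depend from any other stage" could be corrected to "depend on" in the same pass.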
@@ -103,7 +103,7 @@ ln -s ~/fast-config/fast-test-00/providers/1-vpcsc-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
ln -s ~/fast-config/fast-test-00/1-vpcsc.auto.tfvars ./
@@ -120,7 +120,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/1-vpcsc-providers.t
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/1-vpcsc.auto.tfvars ./
@@ -135,7 +135,7 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json` file linked or copied above
+- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-org-setup.auto.tfvars.json` file linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, that you are expected to configure in a custom `terraform.tfvars` file
The latter set is explained in the [Customization](#customizations) sections below, and the full list can be found in the [Variables](#variables) table at the bottom of this document.
diff --git a/fast/stages/2-networking-a-simple/.fast-stage.env b/fast/stages/2-networking-a-simple/.fast-stage.env
index 9b10516e9..d55431837 100644
--- a/fast/stages/2-networking-a-simple/.fast-stage.env
+++ b/fast/stages/2-networking-a-simple/.fast-stage.env
@@ -1,5 +1,5 @@
FAST_STAGE_DESCRIPTION="networking (simple)"
FAST_STAGE_LEVEL=2
FAST_STAGE_NAME=networking
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman"
FAST_STAGE_OPTIONAL="2-networking-ngfw"
\ No newline at end of file
diff --git a/fast/stages/2-networking-a-simple/README.md b/fast/stages/2-networking-a-simple/README.md
index befea92c7..a9843ffa8 100644
--- a/fast/stages/2-networking-a-simple/README.md
+++ b/fast/stages/2-networking-a-simple/README.md
@@ -272,7 +272,7 @@ The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overv
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
+This stage is meant to be executed after the [bootstrap](../0-org-setup) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the previous stages for the environmental requirements.
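Review bot: The link on the `+` line still reads `[bootstrap]` although its target is now `../0-org-setup`, so the label and the destination disagree. Rename the label to match the stage, for example `[organization setup](../0-org-setup)`, and apply the same fix to the identical sentence in the other stage READMEs touched by this patch.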
@@ -280,7 +280,7 @@ Before running this stage, you need to make sure you have the correct credential
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -294,7 +294,7 @@ ln -s ~/fast-config/fast-test-00/providers/2-networking-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -314,7 +314,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/2-networking-provid
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -333,12 +333,12 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-bootstrap.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-org-setup.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The latter set is explained in the [Customization](#customizations) sections below, and the full list can be found in the [Variables](#variables) table at the bottom of this document.
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-org-setup/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
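Review bot: The rewritten bullet keeps "managed by previous stage" in the singular even though it names two files, `0-org-setup.auto.tfvars.json` and `1-resman.auto.tfvars.json`; the 2-secops and 2-security versions of this bullet say "previous stages". The following bullet's "and can to be set" is also broken, and the last `+` line still labels the `../0-org-setup` link as "bootstrap stage documentation". All three can be fixed while these lines are open.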
diff --git a/fast/stages/2-networking-b-nva/.fast-stage.env b/fast/stages/2-networking-b-nva/.fast-stage.env
index 83c3bb545..adbfe290f 100644
--- a/fast/stages/2-networking-b-nva/.fast-stage.env
+++ b/fast/stages/2-networking-b-nva/.fast-stage.env
@@ -1,5 +1,5 @@
FAST_STAGE_DESCRIPTION="networking (nva)"
FAST_STAGE_LEVEL=2
FAST_STAGE_NAME=networking
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman"
FAST_STAGE_OPTIONAL="2-networking-ngfw"
\ No newline at end of file
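Review bot: `FAST_STAGE_OPTIONAL="2-networking-ngfw"` still ends the file without a trailing newline (the `\ No newline at end of file` marker). The same marker appears in the other networking and project factory `.fast-stage.env` files in this patch, but not in the `2-secops` or `2-security` ones. Since these files are being edited anyway, add the final newline so that line-oriented shell readers do not drop the last variable and the files stay consistent.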
diff --git a/fast/stages/2-networking-b-nva/README.md b/fast/stages/2-networking-b-nva/README.md
index 23a6618b7..92402ae90 100644
--- a/fast/stages/2-networking-b-nva/README.md
+++ b/fast/stages/2-networking-b-nva/README.md
@@ -339,7 +339,7 @@ The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overv
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
+This stage is meant to be executed after the [bootstrap](../0-org-setup) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the previous stages for the environmental requirements.
@@ -349,7 +349,7 @@ Note that by default the "Simple NVA" architecture is deployed - in order to ena
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -363,7 +363,7 @@ ln -s ~/fast-config/fast-test-00/providers/2-networking-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -383,7 +383,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/2-networking-provid
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -402,12 +402,12 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-bootstrap.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-org-setup.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The latter set is explained in the [Customization](#customizations) sections below, and the full list can be found in the [Variables](#variables) table at the bottom of this document.
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-org-setup/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
diff --git a/fast/stages/2-networking-c-separate-envs/.fast-stage.env b/fast/stages/2-networking-c-separate-envs/.fast-stage.env
index 1d3fffa33..784475a3b 100644
--- a/fast/stages/2-networking-c-separate-envs/.fast-stage.env
+++ b/fast/stages/2-networking-c-separate-envs/.fast-stage.env
@@ -1,5 +1,5 @@
FAST_STAGE_DESCRIPTION="networking (separate environments)"
FAST_STAGE_LEVEL=2
FAST_STAGE_NAME=networking
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman"
FAST_STAGE_OPTIONAL="2-networking-ngfw"
\ No newline at end of file
diff --git a/fast/stages/2-networking-c-separate-envs/README.md b/fast/stages/2-networking-c-separate-envs/README.md
index 74632f3de..7fc6c3d3c 100644
--- a/fast/stages/2-networking-c-separate-envs/README.md
+++ b/fast/stages/2-networking-c-separate-envs/README.md
@@ -165,7 +165,7 @@ The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overv
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
+This stage is meant to be executed after the [bootstrap](../0-org-setup) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the previous stages for the environmental requirements.
@@ -173,7 +173,7 @@ Before running this stage, you need to make sure you have the correct credential
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -187,7 +187,7 @@ ln -s ~/fast-config/fast-test-00/providers/2-networking-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -207,7 +207,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/2-networking-provid
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -226,12 +226,12 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-bootstrap.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stage, which are prepopulated here via the `0-org-setup.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The latter set is explained in the [Customization](#customizations) sections below, and the full list can be found in the [Variables](#variables) table at the bottom of this document.
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-org-setup/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
diff --git a/fast/stages/2-project-factory-legacy/README.md b/fast/stages/2-project-factory-legacy/README.md
index 544552344..e5ee9f776 100644
--- a/fast/stages/2-project-factory-legacy/README.md
+++ b/fast/stages/2-project-factory-legacy/README.md
@@ -39,7 +39,7 @@ The project factory stage is a thin wrapper of the underlying [project-factory m
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
+This stage is meant to be executed after the [bootstrap](../0-bootstrap-legacy) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
### Resource Management stage configuration
@@ -98,7 +98,7 @@ The `data` folder in this stage contains factory files that can be used as examp
### Stage provider and Terraform variables
-As all other FAST stages, the [mechanism](../0-bootstrap/README.md#output-files-and-cross-stage-variables) used to pass variable values and pre-built provider files from one stage to the next is also leveraged here.
+As all other FAST stages, the [mechanism](../0-bootstrap-legacy/README.md#output-files-and-cross-stage-variables) used to pass variable values and pre-built provider files from one stage to the next is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -112,7 +112,7 @@ ln -s ~/fast-config/fast-test-00/providers/2-project-factory-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap-legacy.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
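Review bot: The input file is renamed to `0-bootstrap-legacy.auto.tfvars.json` here, but nothing in the visible hunks shows that the legacy bootstrap stage writes its outputs under that name. Please confirm the producer side was renamed as well. If only the folder became `0-bootstrap-legacy` and the output file is still `0-bootstrap.auto.tfvars.json`, this `ln -s` creates a symlink to a missing target without any error, so the mistake is not caught at this step. The same question applies to the `gcloud storage cp` line in the next hunk.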
@@ -133,7 +133,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/2-project-factory-p
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap-legacy.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
diff --git a/fast/stages/2-project-factory/.fast-stage.env b/fast/stages/2-project-factory/.fast-stage.env
index 9ef2979f5..38ac20299 100644
--- a/fast/stages/2-project-factory/.fast-stage.env
+++ b/fast/stages/2-project-factory/.fast-stage.env
@@ -1,5 +1,5 @@
FAST_STAGE_DESCRIPTION="project factory (org level)"
FAST_STAGE_LEVEL=2
FAST_STAGE_NAME=project-factory
-FAST_STAGE_DEPS="0-globals 0-bootstrap"
+FAST_STAGE_DEPS="0-globals 0-org-setup"
FAST_STAGE_OPTIONAL="1-vpcsc 2-networking 2-security"
\ No newline at end of file
diff --git a/fast/stages/2-project-factory/README.md b/fast/stages/2-project-factory/README.md
index e120974db..9471a97f3 100644
--- a/fast/stages/2-project-factory/README.md
+++ b/fast/stages/2-project-factory/README.md
@@ -45,7 +45,7 @@ The project factory stage is a thin wrapper of the underlying [project-factory m
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap/) stage. If any of the VPC SC, networking, and security stages have been applied, their resources can be directly leveraged via context interpolation as explained above.
+This stage is meant to be executed after the [bootstrap](../0-org-setup/) stage. If any of the VPC SC, networking, and security stages have been applied, their resources can be directly leveraged via context interpolation as explained above.
### Bootstrap stage configuration
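Review bot: After this retarget the sentence links `[bootstrap](../0-org-setup/)` and the section right below is still titled `### Bootstrap stage configuration`, so the README keeps the old stage name for a folder that no longer carries it. Either rename both the label and the heading, or state once that "bootstrap" now refers to the `0-org-setup` stage. If the heading changes, update any links to its anchor.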
@@ -147,7 +147,7 @@ The `data` folder in this stage contains factory files that can be used as examp
### Stage provider and Terraform variables
-As all other FAST stages, the [mechanism](../0-bootstrap/README.md#output-files-and-cross-stage-variables) used to pass variable values and pre-built provider files from one stage to the next is also leveraged here.
+As all other FAST stages, the [mechanism](../0-org-setup/README.md#output-files-and-cross-stage-variables) used to pass variable values and pre-built provider files from one stage to the next is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -161,7 +161,7 @@ ln -s ~/fast-config/fast-test-00/providers/2-project-factory-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
ln -s ~/fast-config/fast-test-00/2-project-factory.auto.tfvars ./
@@ -182,7 +182,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/2-project-factory-p
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/2-project-factory.auto.tfvars ./
diff --git a/fast/stages/2-secops/.fast-stage.env b/fast/stages/2-secops/.fast-stage.env
index 797d96755..57d50b2e5 100644
--- a/fast/stages/2-secops/.fast-stage.env
+++ b/fast/stages/2-secops/.fast-stage.env
@@ -1,4 +1,4 @@
FAST_STAGE_DESCRIPTION="secops"
FAST_STAGE_LEVEL=2
FAST_STAGE_NAME=secops
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman"
diff --git a/fast/stages/2-secops/README.md b/fast/stages/2-secops/README.md
index 8cc69e618..c0895993b 100644
--- a/fast/stages/2-secops/README.md
+++ b/fast/stages/2-secops/README.md
@@ -57,7 +57,7 @@ workforce_identity_providers = {
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
+This stage is meant to be executed after the [bootstrap](../0-org-setup) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the previous stages for the environmental requirements.
@@ -65,7 +65,7 @@ Before running this stage, you need to make sure you have the correct credential
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -79,7 +79,7 @@ ln -s ~/fast-config/fast-test-00/providers/2-secops-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -96,7 +96,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/2-secops-providers.
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -112,12 +112,12 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-org-setup.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The latter set is explained in the [Customization](#customizations) sections below, and the full list can be found in the [Variables](#variables) table at the bottom of this document.
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-org-setup/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
diff --git a/fast/stages/2-security/.fast-stage.env b/fast/stages/2-security/.fast-stage.env
index 9e157e378..03ae4b780 100644
--- a/fast/stages/2-security/.fast-stage.env
+++ b/fast/stages/2-security/.fast-stage.env
@@ -1,4 +1,4 @@
FAST_STAGE_DESCRIPTION="security"
FAST_STAGE_LEVEL=2
FAST_STAGE_NAME=security
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman"
diff --git a/fast/stages/2-security/README.md b/fast/stages/2-security/README.md
index e78c9b0d2..e735914b5 100644
--- a/fast/stages/2-security/README.md
+++ b/fast/stages/2-security/README.md
@@ -52,7 +52,7 @@ With this stage you can leverage Certificate Authority Services (CAS) and create
## How to run this stage
-This stage is meant to be executed after the [bootstrap](../0-bootstrap) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
+This stage is meant to be executed after the [bootstrap](../0-org-setup) stage has run, as it leverages the automation service account and bucket created there, and additional resources configured there.
It's of course possible to run this stage in isolation, but that's outside the scope of this document, and you would need to refer to the code for the previous stages for the environmental requirements.
@@ -60,7 +60,7 @@ Before running this stage, you need to make sure you have the correct credential
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
@@ -74,7 +74,7 @@ ln -s ~/fast-config/fast-test-00/providers/2-security-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -94,7 +94,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/2-security-provider
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
# conventional place for stage tfvars (manually created)
@@ -113,12 +113,12 @@ The preconfigured provider file uses impersonation to run with this stage's auto
Variables in this stage -- like most other FAST stages -- are broadly divided into three separate sets:
- variables which refer to global values for the whole organization (org id, billing account id, prefix, etc.), which are pre-populated via the `0-globals.auto.tfvars.json` file linked or copied above
-- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-bootstrap.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
+- variables which refer to resources managed by previous stages, which are prepopulated here via the `0-org-setup.auto.tfvars.json` and `1-resman.auto.tfvars.json` files linked or copied above
- and finally variables that optionally control this stage's behaviour and customizations, and can to be set in a custom `terraform.tfvars` file
The latter set is explained in the [Customization](#customizations) sections below, and the full list can be found in the [Variables](#variables) table at the bottom of this document.
-Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
+Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-org-setup/README.md#output-files-and-cross-stage-variables) for more details:
```tfvars
outputs_location = "~/fast-config"
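Review bot: On the changed `outputs_location` line the link target moves to `../0-org-setup/README.md#output-files-and-cross-stage-variables`, but the link text still reads "bootstrap stage documentation". Rename the text to match the new stage name so the prose and the target agree. The unchanged bullet above it also reads "can to be set", which is worth fixing while this file is being touched.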
diff --git a/fast/stages/3-data-platform-dev/.fast-stage.env b/fast/stages/3-data-platform-dev/.fast-stage.env
index c9f86b414..33ec41c8c 100644
--- a/fast/stages/3-data-platform-dev/.fast-stage.env
+++ b/fast/stages/3-data-platform-dev/.fast-stage.env
@@ -1,5 +1,5 @@
FAST_STAGE_DESCRIPTION="Data Platform (dev)"
FAST_STAGE_LEVEL=3
FAST_STAGE_NAME=data-platform-dev
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman"
FAST_STAGE_OPTIONAL="2-networking 2-security"
diff --git a/fast/stages/3-data-platform-dev/README.md b/fast/stages/3-data-platform-dev/README.md
index 3b7f7e706..44346c6a9 100644
--- a/fast/stages/3-data-platform-dev/README.md
+++ b/fast/stages/3-data-platform-dev/README.md
@@ -181,11 +181,13 @@ Network permissions are needed to associate data domain or product projects to S
Security permissions are only needed when using CMEK encryption, to grant the relevant IAM roles to data platform service agents on the encryption keys used.
-The ["Classic FAST" dataset](../0-bootstrap/README.md#classic-fast-dataset) in the bootstrap stage already contains the configuration for a development Data Platform. Adapting it to multiple environments, or for a multi-environment setup is relatively trivial and left as an exercise to the user.
+The ["Classic FAST" dataset](../0-org-setup/README.md#classic-fast-dataset) in the bootstrap stage already contains the configuration for a development Data Platform. Adapting it to multiple environments, or for a multi-environment setup is relatively trivial and left as an exercise to the user.
+
+What is missing from the default dataset are IAM grants on security resources. They can be added from the security stage by populating the `stage_configs.security.iam_admin_delegated` and `stage_configs.security.iam_viewer` variables with the identities of the Data Platform service account.
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
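Review bot: The added paragraph on missing IAM grants names `stage_configs.security.iam_admin_delegated` and `stage_configs.security.iam_viewer`, but says only "the identities of the Data Platform service account", which leaves open which identity belongs in which variable. One variable grants delegated IAM admin and the other viewer access on security resources, so the mapping matters for least privilege. Spell it out, ideally with a short sample of the two values, and say in which file of the security stage they are set.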
@@ -197,7 +199,7 @@ ln -s ~/fast-config/providers/3-data-platform-dev-providers.tf ./
# input files from other stages
ln -s ~/fast-config/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/tfvars/1-resman.auto.tfvars.json ./
# conventional location for this stage terraform.tfvars (manually managed)
@@ -218,7 +220,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/3-data-platform-dev
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
# conventional location for this stage terraform.tfvars (manually managed)
diff --git a/fast/stages/3-gcve-dev/.fast-stage.env b/fast/stages/3-gcve-dev/.fast-stage.env
index 84282438d..2586ffab1 100644
--- a/fast/stages/3-gcve-dev/.fast-stage.env
+++ b/fast/stages/3-gcve-dev/.fast-stage.env
@@ -1,4 +1,4 @@
FAST_STAGE_DESCRIPTION="GCVE (dev)"
FAST_STAGE_LEVEL=3
FAST_STAGE_NAME=gcve-dev
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman 2-networking"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman 2-networking"
diff --git a/fast/stages/3-gcve-dev/README.md b/fast/stages/3-gcve-dev/README.md
index b22011e4f..8cd011428 100644
--- a/fast/stages/3-gcve-dev/README.md
+++ b/fast/stages/3-gcve-dev/README.md
@@ -91,11 +91,11 @@ Network permissions are needed to associate data domain or product projects to S
Security permissions are only needed when using CMEK encryption, to grant the relevant IAM roles to data platform service agents on the encryption keys used.
-The ["Classic FAST" dataset](../0-bootstrap/README.md#classic-fast-dataset) in the bootstrap stage contains the configuration for a development Data Platform that can be easily adapted to serve for this stage.
+The ["Classic FAST" dataset](../0-org-setup/README.md#classic-fast-dataset) in the bootstrap stage contains the configuration for a development Data Platform that can be easily adapted to serve for this stage.
### Provider and Terraform variables
-As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-bootstrap/README.md#output-files-and-cross-stage-variables) is also leveraged here.
+As all other FAST stages, the [mechanism used to pass variable values and pre-built provider files from one stage to the next](../0-org-setup/README.md#output-files-and-cross-stage-variables) is also leveraged here.
The commands to link or copy the provider and terraform variable files can be easily derived from the `fast-links.sh` script in the FAST stages folder, passing it a single argument with the local output files folder (if configured) or the GCS output bucket in the automation project (derived from stage 0 outputs). The following examples demonstrate both cases, and the resulting commands that then need to be copy/pasted and run.
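Review bot: The changed "Classic FAST" sentence now links to `../0-org-setup/README.md#classic-fast-dataset` but still says the dataset is "in the bootstrap stage". It also describes "a development Data Platform" in the GCVE README, and the same sentence is repeated in the `3-gke-dev` and `3-secops-dev` hunks. Update the stage name in the prose, and consider rewording the sentence per stage instead of carrying the Data Platform text into all three READMEs.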
@@ -109,7 +109,7 @@ ln -s ~/fast-config/fast-test-00/providers/3-gcve-dev-providers.tf ./
# input files from other stages
ln -s ~/fast-config/fast-test-00/tfvars/0-globals.auto.tfvars.json ./
-ln -s ~/fast-config/fast-test-00/tfvars/0-bootstrap.auto.tfvars.json ./
+ln -s ~/fast-config/fast-test-00/tfvars/0-org-setup.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/1-resman.auto.tfvars.json ./
ln -s ~/fast-config/fast-test-00/tfvars/2-networking.auto.tfvars.json ./
@@ -127,7 +127,7 @@ gcloud storage cp gs://xxx-prod-iac-core-outputs-0/providers/3-gcve-dev-provider
# input files from other stages
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-globals.auto.tfvars.json ./
-gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-bootstrap.auto.tfvars.json ./
+gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/0-org-setup.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/1-resman.auto.tfvars.json ./
gcloud storage cp gs://xxx-prod-iac-core-outputs-0/tfvars/2-networking.auto.tfvars.json ./
diff --git a/fast/stages/3-gke-dev/.fast-stage.env b/fast/stages/3-gke-dev/.fast-stage.env
index c16e68d5b..db5a45dc6 100644
--- a/fast/stages/3-gke-dev/.fast-stage.env
+++ b/fast/stages/3-gke-dev/.fast-stage.env
@@ -1,4 +1,4 @@
FAST_STAGE_DESCRIPTION="GKE (dev)"
FAST_STAGE_LEVEL=3
FAST_STAGE_NAME=gke-dev
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman 2-networking"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman 2-networking"
diff --git a/fast/stages/3-gke-dev/README.md b/fast/stages/3-gke-dev/README.md
index bb9761df0..a9f75c8ef 100644
--- a/fast/stages/3-gke-dev/README.md
+++ b/fast/stages/3-gke-dev/README.md
@@ -60,7 +60,7 @@ Network permissions are needed to associate data domain or product projects to S
Security permissions are only needed when using CMEK encryption, to grant the relevant IAM roles to data platform service agents on the encryption keys used.
-The ["Classic FAST" dataset](../0-bootstrap/README.md#classic-fast-dataset) in the bootstrap stage contains the configuration for a development Data Platform that can be easily adapted to serve for this stage.
+The ["Classic FAST" dataset](../0-org-setup/README.md#classic-fast-dataset) in the bootstrap stage contains the configuration for a development Data Platform that can be easily adapted to serve for this stage.
## Customizations
diff --git a/fast/stages/3-secops-dev/.fast-stage.env b/fast/stages/3-secops-dev/.fast-stage.env
index fab8e26c2..1f65dce13 100644
--- a/fast/stages/3-secops-dev/.fast-stage.env
+++ b/fast/stages/3-secops-dev/.fast-stage.env
@@ -1,4 +1,4 @@
FAST_STAGE_DESCRIPTION="SecOps (dev)"
FAST_STAGE_LEVEL=3
FAST_STAGE_NAME=secops-dev
-FAST_STAGE_DEPS="0-globals 0-bootstrap 1-resman 2-secops"
+FAST_STAGE_DEPS="0-globals 0-org-setup 1-resman 2-secops"
diff --git a/fast/stages/3-secops-dev/README.md b/fast/stages/3-secops-dev/README.md
index e31897d06..e5d8e7a24 100644
--- a/fast/stages/3-secops-dev/README.md
+++ b/fast/stages/3-secops-dev/README.md
@@ -46,7 +46,7 @@ Network permissions are needed to associate data domain or product projects to S
Security permissions are only needed when using CMEK encryption, to grant the relevant IAM roles to data platform service agents on the encryption keys used.
-The ["Classic FAST" dataset](../0-bootstrap/README.md#classic-fast-dataset) in the bootstrap stage contains the configuration for a development Data Platform that can be easily adapted to serve for this stage.
+The ["Classic FAST" dataset](../0-org-setup/README.md#classic-fast-dataset) in the bootstrap stage contains the configuration for a development Data Platform that can be easily adapted to serve for this stage.
## Customizations
diff --git a/fast/stages/CLEANUP.md b/fast/stages/CLEANUP.md
index a477e2a47..79898fa8c 100644
--- a/fast/stages/CLEANUP.md
+++ b/fast/stages/CLEANUP.md
@@ -61,29 +61,14 @@ terraform destroy
A minor glitch can surface running `terraform destroy`, where the service project attachments to the Shared VPCs will not get destroyed even with the relevant API call succeeding. We are investigating the issue but in the meantime, manually remove the attachment in the Cloud console or via the ```gcloud beta compute shared-vpc associated-projects remove``` [command](https://cloud.google.com/sdk/gcloud/reference/beta/compute/shared-vpc/associated-projects/remove) when destroy fails, and then relaunch the command.
-## Stage 1 (Resource Management)
-
-Stage 1 is a little more complicated because of the GCS buckets containing your terraform statefiles. By default, Terraform refuses to delete non-empty buckets, which is good to protect your terraform state, but it makes destruction a bit harder. Use the commands below to remove the GCS buckets from the state and then execute `terraform destroy`
-
-```bash
-cd $FAST_PWD/1-resman/
-
-# remove buckets from state since terraform refuses to delete them
-for x in $(terraform state list | grep google_storage_bucket.bucket); do
- terraform state rm "$x"
-done
-
-terraform destroy
-```
-
-## Stage 0 (Bootstrap)
+## Stage 0 (Org Setup)
**Warning: you should follow these steps carefully as we will modify our own permissions. Ensure you can grant yourself the Organization Admin role again. Otherwise, you will not be able to finish the destruction process and will, most likely, get locked out of your organization.**
Just like before, we manually remove several resources (GCS buckets and BQ datasets). Note that `terrafom destroy` will fail. This is expected; just continue with the rest of the steps.
```bash
-cd $FAST_PWD/0-bootstrap/
+cd $FAST_PWD/0-org-setup/
export FAST_BU=$(gcloud config list --format 'value(core.account)')
terraform apply -var bootstrap_user=$FAST_BU
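Review bot: With the Stage 1 section deleted, the unchanged sentence "Just like before, we manually remove several resources" under the renamed Stage 0 heading loses the bucket-removal steps it appears to point back to. Reword it so it stands on its own. Please also confirm that `terraform apply -var bootstrap_user=$FAST_BU` is still valid in `0-org-setup`: the directory is renamed here but the variable is not, and this is the step the lock-out warning above depends on. `terrafom destroy` in the same context line is a typo.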
@@ -98,7 +83,7 @@ for x in $(terraform state list | grep google_bigquery_dataset); do
done
## remove the providers file and migrate state
-rm 0-bootstrap-providers.tf
+rm 0-org-setup-providers.tf
# migrate to local state
terraform init -migrate-state
@@ -129,5 +114,5 @@ rm -i terraform.tfstate*
In case you want to deploy FAST stages again, the make sure to:
-* Modify the [prefix](0-bootstrap/variables.tf) variable to allow the deployment of resources that need unique names (eg, projects).
-* Modify the [custom_roles](0-bootstrap/variables.tf) variable to allow recently deleted custom roles to be created again.
+* Modify the [prefix](0-org-setup/variables.tf) variable to allow the deployment of resources that need unique names (eg, projects).
+* Modify the [custom_roles](0-org-setup/variables.tf) variable to allow recently deleted custom roles to be created again.
diff --git a/fast/stages/README.md b/fast/stages/README.md
index 8333c61be..6f2e9c34d 100644
--- a/fast/stages/README.md
+++ b/fast/stages/README.md
@@ -9,7 +9,7 @@ When deploying as part of a whole organization setup, each stage provides inform
This has two important consequences:
- any stage can be swapped out and replaced by different code as long as it respects the contract, by providing a predefined set of outputs and optionally accepting a predefined set of variables
-- data flow between stages can be partially automated (see [stage 0 documentation on output files](./0-bootstrap/README.md#output-files-and-cross-stage-variables)), reducing the effort and pain required to compile variables by hand
+- data flow between stages can be partially automated (see [stage 0 documentation on output files](./0-org-setup/README.md#output-files-and-cross-stage-variables)), reducing the effort and pain required to compile variables by hand
One important assumption is that the flow of data is always forward looking (or sideways for optional components), so no stage needs to depend on outputs generated further down the chain. This greatly simplifies both the logic and the implementation, and allows stages to be effectively independent.
@@ -23,7 +23,7 @@ To destroy a previous FAST deployment follow the instructions detailed in [clean
## Organization (0)
-- [Bootstrap](./0-bootstrap/README.md)
+- [Organization Setup](./0-org-setup/README.md)
This stage combines the legacy bootstrap and resource management stages described below, allowing easy configuration of all related resources via factories. Its flexibility supports any type of organizational design, while still supporting traditional FAST stages like VPC Service Controls, security, networking, and any stage 3.
- [VPC Service Controls](./1-vpcsc/README.md)
Optionally configures VPC Service Controls protection for the organization.
diff --git a/fast/stages/diagrams.excalidraw.gz b/fast/stages/diagrams.excalidraw.gz
index 057998b86..debe0b7b8 100644
Binary files a/fast/stages/diagrams.excalidraw.gz and b/fast/stages/diagrams.excalidraw.gz differ
diff --git a/tests/fast/stages/s0_bootstrap/__init__.py b/tests/fast/stages/s0_org_setup/__init__.py
similarity index 100%
rename from tests/fast/stages/s0_bootstrap/__init__.py
rename to tests/fast/stages/s0_org_setup/__init__.py
diff --git a/tests/fast/stages/s0_bootstrap/data-simple/cicd.yaml b/tests/fast/stages/s0_org_setup/data-simple/cicd.yaml
similarity index 82%
rename from tests/fast/stages/s0_bootstrap/data-simple/cicd.yaml
rename to tests/fast/stages/s0_org_setup/data-simple/cicd.yaml
index 43c01ba2c..eef12642a 100644
--- a/tests/fast/stages/s0_bootstrap/data-simple/cicd.yaml
+++ b/tests/fast/stages/s0_org_setup/data-simple/cicd.yaml
@@ -27,21 +27,21 @@ workload_identity_federation:
# audiences: []
# jwks_json_path:
workflows:
- bootstrap:
+ org-setup:
template: github
workload_identity_provider:
id: $wif_providers:github
audiences: []
repository:
- name: bootstrap
+ name: org-setup
branch: main
output_files:
storage_bucket: $storage_buckets:iac-0/iac-outputs
providers:
- apply: $output_files:providers/0-bootstrap
- plan: $output_files:providers/0-bootstrap-ro
+ apply: $output_files:providers/0-org-setup
+ plan: $output_files:providers/0-org-setup-ro
files:
- tfvars/0-boostrap.auto.tfvars.json
service_accounts:
- apply: $iam_principals:service_accounts/iac-0/iac-bootstrap-cicd-rw
- plan: $iam_principals:service_accounts/iac-0/iac-bootstrap-cicd-ro
+ apply: $iam_principals:service_accounts/iac-0/iac-org-cicd-rw
+ plan: $iam_principals:service_accounts/iac-0/iac-org-cicd-ro
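Review bot: The `files:` entry `tfvars/0-boostrap.auto.tfvars.json` is left untouched while every other name in this workflow moves to `org-setup`. It is misspelled ("boostrap") and matches neither the old `0-bootstrap` name nor the `tfvars/0-org-setup.auto.tfvars.json` object that the expected plan output in this change produces. Change it to `tfvars/0-org-setup.auto.tfvars.json` so the workflow references a file that is actually written.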
diff --git a/tests/fast/stages/s0_bootstrap/data-simple/defaults.yaml b/tests/fast/stages/s0_org_setup/data-simple/defaults.yaml
similarity index 91%
rename from tests/fast/stages/s0_bootstrap/data-simple/defaults.yaml
rename to tests/fast/stages/s0_org_setup/data-simple/defaults.yaml
index 13c65ca3d..968e1d5b6 100644
--- a/tests/fast/stages/s0_bootstrap/data-simple/defaults.yaml
+++ b/tests/fast/stages/s0_org_setup/data-simple/defaults.yaml
@@ -34,12 +34,12 @@ output_files:
local_path: /tmp/fast-config
storage_bucket: $storage_buckets:iac-0/iac-outputs
providers:
- 0-bootstrap:
- bucket: $storage_buckets:iac-0/iac-bootstrap-state
- service_account: $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
- 0-bootstrap-ro:
- bucket: $storage_buckets:iac-0/iac-bootstrap-state
- service_account: $iam_principals:service_accounts/iac-0/iac-bootstrap-rw
+ 0-org-setup:
+ bucket: $storage_buckets:iac-0/iac-org-state
+ service_account: $iam_principals:service_accounts/iac-0/iac-org-rw
+ 0-org-setup-ro:
+ bucket: $storage_buckets:iac-0/iac-org-state
+ service_account: $iam_principals:service_accounts/iac-0/iac-org-rw
1-vpcsc:
bucket: $storage_buckets:iac-0/iac-stage-state
prefix: 1-vpcsc
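Review bot: The `0-org-setup-ro` provider entry maps to `service_accounts/iac-0/iac-org-rw`, so the provider file that `cicd.yaml` assigns to `plan` (`providers/0-org-setup-ro`) impersonates the read-write account. The removed `0-bootstrap-ro` entry had the same mapping, so the rename carries it forward rather than introducing it. If the read-only provider is meant to run with reduced privileges, point it at `iac-org-ro`, which the expected plan output already creates bindings for, and update the `-ro` provider contents in `not-simple.yaml` to match.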
diff --git a/tests/fast/stages/s0_bootstrap/not-simple.tfvars b/tests/fast/stages/s0_org_setup/not-simple.tfvars
similarity index 100%
rename from tests/fast/stages/s0_bootstrap/not-simple.tfvars
rename to tests/fast/stages/s0_org_setup/not-simple.tfvars
diff --git a/tests/fast/stages/s0_bootstrap/not-simple.yaml b/tests/fast/stages/s0_org_setup/not-simple.yaml
similarity index 92%
rename from tests/fast/stages/s0_bootstrap/not-simple.yaml
rename to tests/fast/stages/s0_org_setup/not-simple.yaml
index 7cea8c719..944a5f53b 100644
--- a/tests/fast/stages/s0_bootstrap/not-simple.yaml
+++ b/tests/fast/stages/s0_org_setup/not-simple.yaml
@@ -44,7 +44,7 @@ values:
workload_identity_pool_id: iac-0
workload_identity_pool_provider_id: github
x509: []
- google_storage_bucket_object.providers["0-bootstrap"]:
+ google_storage_bucket_object.providers["0-org-setup"]:
bucket: ft0-prod-iac-core-0-iac-outputs
cache_control: null
content: "/**\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache\
@@ -56,10 +56,10 @@ values:
\ CONDITIONS OF ANY KIND, either express or implied.\n * See the License for\
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
- \ = \"ft0-prod-iac-core-0-iac-bootstrap-state\"\n impersonate_service_account\
- \ = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n\
- \ }\n}\nprovider \"google\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
- \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
+ \ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
+ }\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_disposition: null
content_encoding: null
@@ -70,13 +70,13 @@ values:
event_based_hold: null
force_empty_content_type: null
metadata: null
- name: providers/0-bootstrap-providers.tf
+ name: providers/0-org-setup-providers.tf
retention: []
source: null
source_md5hash: null
temporary_hold: null
timeouts: null
- google_storage_bucket_object.providers["0-bootstrap-ro"]:
+ google_storage_bucket_object.providers["0-org-setup-ro"]:
bucket: ft0-prod-iac-core-0-iac-outputs
cache_control: null
content: "/**\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache\
@@ -88,10 +88,10 @@ values:
\ CONDITIONS OF ANY KIND, either express or implied.\n * See the License for\
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
- \ = \"ft0-prod-iac-core-0-iac-bootstrap-state\"\n impersonate_service_account\
- \ = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n\
- \ }\n}\nprovider \"google\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
- \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
+ \ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
+ }\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_disposition: null
content_encoding: null
@@ -102,7 +102,7 @@ values:
event_based_hold: null
force_empty_content_type: null
metadata: null
- name: providers/0-bootstrap-ro-providers.tf
+ name: providers/0-org-setup-ro-providers.tf
retention: []
source: null
source_md5hash: null
@@ -240,24 +240,6 @@ values:
source_md5hash: null
temporary_hold: null
timeouts: null
- google_storage_bucket_object.tfvars["bootstrap"]:
- bucket: ft0-prod-iac-core-0-iac-outputs
- cache_control: null
- content_disposition: null
- content_encoding: null
- content_language: null
- customer_encryption: []
- deletion_policy: null
- detect_md5hash: different hash
- event_based_hold: null
- force_empty_content_type: null
- metadata: null
- name: tfvars/0-bootstrap.auto.tfvars.json
- retention: []
- source: null
- source_md5hash: null
- temporary_hold: null
- timeouts: null
google_storage_bucket_object.tfvars["globals"]:
bucket: ft0-prod-iac-core-0-iac-outputs
cache_control: null
@@ -277,7 +259,7 @@ values:
source_md5hash: null
temporary_hold: null
timeouts: null
- google_storage_bucket_object.workflows["bootstrap"]:
+ google_storage_bucket_object.tfvars["org-setup"]:
bucket: ft0-prod-iac-core-0-iac-outputs
cache_control: null
content_disposition: null
@@ -289,13 +271,31 @@ values:
event_based_hold: null
force_empty_content_type: null
metadata: null
- name: workflows/bootstrap.yaml
+ name: tfvars/0-org-setup.auto.tfvars.json
retention: []
source: null
source_md5hash: null
temporary_hold: null
timeouts: null
- local_file.providers["0-bootstrap"]:
+ google_storage_bucket_object.workflows["org-setup"]:
+ bucket: ft0-prod-iac-core-0-iac-outputs
+ cache_control: null
+ content_disposition: null
+ content_encoding: null
+ content_language: null
+ customer_encryption: []
+ deletion_policy: null
+ detect_md5hash: different hash
+ event_based_hold: null
+ force_empty_content_type: null
+ metadata: null
+ name: workflows/org-setup.yaml
+ retention: []
+ source: null
+ source_md5hash: null
+ temporary_hold: null
+ timeouts: null
+ local_file.providers["0-org-setup"]:
content: "/**\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache\
\ License, Version 2.0 (the \"License\");\n * you may not use this file except\
\ in compliance with the License.\n * You may obtain a copy of the License at\n\
@@ -305,18 +305,18 @@ values:
\ CONDITIONS OF ANY KIND, either express or implied.\n * See the License for\
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
- \ = \"ft0-prod-iac-core-0-iac-bootstrap-state\"\n impersonate_service_account\
- \ = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n\
- \ }\n}\nprovider \"google\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
- \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
+ \ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
+ }\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_base64: null
directory_permission: '0777'
file_permission: '0644'
- filename: /tmp/fast-config/providers/0-bootstrap-providers.tf
+ filename: /tmp/fast-config/providers/0-org-setup-providers.tf
sensitive_content: null
source: null
- local_file.providers["0-bootstrap-ro"]:
+ local_file.providers["0-org-setup-ro"]:
content: "/**\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache\
\ License, Version 2.0 (the \"License\");\n * you may not use this file except\
\ in compliance with the License.\n * You may obtain a copy of the License at\n\
@@ -326,15 +326,15 @@ values:
\ CONDITIONS OF ANY KIND, either express or implied.\n * See the License for\
\ the specific language governing permissions and\n * limitations under the\
\ License.\n */\n\nterraform {\n backend \"gcs\" {\n bucket \
- \ = \"ft0-prod-iac-core-0-iac-bootstrap-state\"\n impersonate_service_account\
- \ = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n\
- \ }\n}\nprovider \"google\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
- \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \ = \"ft0-prod-iac-core-0-iac-org-state\"\n impersonate_service_account\
+ \ = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\n \n }\n\
+ }\nprovider \"google\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
+ \n}\nprovider \"google-beta\" {\n impersonate_service_account = \"iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com\"\
\n}\n"
content_base64: null
directory_permission: '0777'
file_permission: '0644'
- filename: /tmp/fast-config/providers/0-bootstrap-ro-providers.tf
+ filename: /tmp/fast-config/providers/0-org-setup-ro-providers.tf
sensitive_content: null
source: null
local_file.providers["1-vpcsc"]:
@@ -425,13 +425,6 @@ values:
filename: /tmp/fast-config/providers/2-security-providers.tf
sensitive_content: null
source: null
- local_file.tfvars["bootstrap"]:
- content_base64: null
- directory_permission: '0777'
- file_permission: '0644'
- filename: /tmp/fast-config/tfvars/0-bootstrap.auto.tfvars.json
- sensitive_content: null
- source: null
local_file.tfvars["globals"]:
content: '{"billing_account":{"id":"012345-012345-012345"},"groups":{"domain":"domain:example.org","gcp-billing-admins":"group:gcp-billing-admins@example.org","gcp-devops":"group:gcp-devops@example.org","gcp-network-admins":"group:gcp-network-admins@example.org","gcp-organization-admins":"group:fabric-fast-owners@google.com","gcp-secops-admins":"group:gcp-secops-admins@example.org","gcp-security-admins":"group:gcp-security-admins@example.org","gcp-support":"group:gcp-support@example.org"},"locations":{"bigquery":"eu","logging":"global","pubsub":[],"storage":"eu"},"organization":{"customer_id":"abcd123456","domain":"example.org","id":"1234567890"},"prefix":"ft0"}'
content_base64: null
@@ -440,23 +433,30 @@ values:
filename: /tmp/fast-config/tfvars/0-globals.auto.tfvars.json
sensitive_content: null
source: null
- local_file.workflows["bootstrap"]:
+ local_file.tfvars["org-setup"]:
content_base64: null
directory_permission: '0777'
file_permission: '0644'
- filename: /tmp/fast-config/workflows/bootstrap.yaml
+ filename: /tmp/fast-config/tfvars/0-org-setup.auto.tfvars.json
+ sensitive_content: null
+ source: null
+ local_file.workflows["org-setup"]:
+ content_base64: null
+ directory_permission: '0777'
+ file_permission: '0644'
+ filename: /tmp/fast-config/workflows/org-setup.yaml
sensitive_content: null
source: null
- module.billing-accounts["default"].google_billing_account_iam_member.bindings["billing_admin_bootstrap_sa"]:
- billing_account_id: 012345-012345-012345
- condition: []
- member: serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- role: roles/billing.admin
module.billing-accounts["default"].google_billing_account_iam_member.bindings["billing_admin_org_admins"]:
billing_account_id: 012345-012345-012345
condition: []
member: group:fabric-fast-owners@google.com
role: roles/billing.admin
+ module.billing-accounts["default"].google_billing_account_iam_member.bindings["billing_admin_org_sa"]:
+ billing_account_id: 012345-012345-012345
+ condition: []
+ member: serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ role: roles/billing.admin
module.billing-accounts["default"].google_billing_account_iam_member.bindings["billing_user_networking_sa"]:
billing_account_id: 012345-012345-012345
condition: []
@@ -472,7 +472,7 @@ values:
condition: []
member: serviceAccount:iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
role: roles/billing.user
- module.factory.module.buckets["iac-0/iac-bootstrap-state"].google_storage_bucket.bucket[0]:
+ module.factory.module.buckets["iac-0/iac-org-state"].google_storage_bucket.bucket[0]:
autoclass: []
cors: []
custom_placement_config: []
@@ -488,7 +488,7 @@ values:
lifecycle_rule: []
location: EUROPE-WEST1
logging: []
- name: ft0-prod-iac-core-0-iac-bootstrap-state
+ name: ft0-prod-iac-core-0-iac-org-state
project: ft0-prod-iac-core-0
requester_pays: null
retention_policy: []
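Review bot: `name` changes from `ft0-prod-iac-core-0-iac-bootstrap-state` to `ft0-prod-iac-core-0-iac-org-state`, and the factory key changes with it. A bucket cannot be renamed in place, so if the shipped dataset carries the same rename as this test data, an existing deployment would plan a replacement of the bucket holding stage 0 state, together with the renamed `iac-org-rw` and `iac-org-ro` service accounts. State in the PR whether the rename is limited to test fixtures, or add upgrade notes describing how existing installations keep or migrate the legacy names.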
@@ -499,17 +499,17 @@ values:
uniform_bucket_level_access: true
versioning:
- enabled: false
- ? module.factory.module.buckets["iac-0/iac-bootstrap-state"].google_storage_bucket_iam_binding.authoritative["$custom_roles:storage_viewer"]
- : bucket: ft0-prod-iac-core-0-iac-bootstrap-state
+ ? module.factory.module.buckets["iac-0/iac-org-state"].google_storage_bucket_iam_binding.authoritative["$custom_roles:storage_viewer"]
+ : bucket: ft0-prod-iac-core-0-iac-org-state
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
role: organizations/1234567890/roles/storageViewer
- ? module.factory.module.buckets["iac-0/iac-bootstrap-state"].google_storage_bucket_iam_binding.authoritative["roles/storage.admin"]
- : bucket: ft0-prod-iac-core-0-iac-bootstrap-state
+ ? module.factory.module.buckets["iac-0/iac-org-state"].google_storage_bucket_iam_binding.authoritative["roles/storage.admin"]
+ : bucket: ft0-prod-iac-core-0-iac-org-state
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
role: roles/storage.admin
module.factory.module.buckets["iac-0/iac-outputs"].google_storage_bucket.bucket[0]:
autoclass: []
@@ -542,9 +542,9 @@ values:
: bucket: ft0-prod-iac-core-0-iac-outputs
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-dp-dev-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-networking-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-pf-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-security-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-vpcsc-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
@@ -553,9 +553,9 @@ values:
bucket: ft0-prod-iac-core-0-iac-outputs
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-dp-dev-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-networking-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-pf-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
@@ -970,31 +970,31 @@ values:
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["$custom_roles:storage_viewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: organizations/1234567890/roles/storageViewer
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/browser"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/browser
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/cloudbuild.builds.editor"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/cloudbuild.builds.editor
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/cloudbuild.builds.viewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/cloudbuild.builds.viewer
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/iam.serviceAccountAdmin"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/iam.serviceAccountAdmin
? module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/iam.serviceAccountTokenCreator"]
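Review bot: every binding changed in this hunk is a `google_project_iam_binding.authoritative` resource, so swapping the member removes `iac-bootstrap-rw` or `iac-bootstrap-ro` from the role in the same apply that adds the `iac-org-*` account. If an existing installation runs that apply while impersonating `iac-bootstrap-rw`, the run strips its own `roles/iam.serviceAccountAdmin` and `roles/cloudbuild.builds.editor` part-way through. The migration notes should state which identity is expected to perform the first apply after the rename.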
@@ -1006,50 +1006,50 @@ values:
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/iam.serviceAccountViewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/iam.serviceAccountViewer
? module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/iam.workloadIdentityPoolAdmin"]
: condition: []
members:
- group:fabric-fast-owners@google.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/iam.workloadIdentityPoolAdmin
? module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/iam.workloadIdentityPoolViewer"]
: condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/iam.workloadIdentityPoolViewer
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/owner"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/owner
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/storage.admin"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/storage.admin
module.factory.module.projects-iam["iac-0"].google_project_iam_binding.authoritative["roles/viewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
role: roles/viewer
module.factory.module.projects-iam["log-0"].google_project_iam_binding.authoritative["roles/owner"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-audit-logs-0
role: roles/owner
module.factory.module.projects-iam["log-0"].google_project_iam_binding.authoritative["roles/viewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-audit-logs-0
role: roles/viewer
module.factory.module.projects["iac-0"].data.google_bigquery_default_service_account.bq_sa[0]:
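Review bot: `iac-org-rw` ends up as the only member of `roles/owner` on both `ft0-prod-iac-core-0` and `ft0-prod-audit-logs-0` in this hunk, carried over unchanged from `iac-bootstrap-rw`. Since the account is being recreated under a new name anyway, this is a good moment to check whether the automation account needs owner on the audit logs project, or whether a narrower role would keep log administration separate from the identity whose actions those logs record. If owner is required, a short comment in the stage documentation explaining why would help reviewers.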
@@ -1366,46 +1366,6 @@ values:
project: ft0-prod-audit-logs-0
service: pubsub.googleapis.com
timeouts: null
- module.factory.module.service-accounts["iac-0/iac-bootstrap-cicd-ro"].google_service_account.service_account[0]:
- account_id: iac-bootstrap-cicd-ro
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: IaC service account for bootstrap CI/CD (read-only).
- email: iac-bootstrap-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- member: serviceAccount:iac-bootstrap-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- project: ft0-prod-iac-core-0
- timeouts: null
- module.factory.module.service-accounts["iac-0/iac-bootstrap-cicd-rw"].google_service_account.service_account[0]:
- account_id: iac-bootstrap-cicd-rw
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: IaC service account for bootstrap CI/CD (read-write).
- email: iac-bootstrap-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- member: serviceAccount:iac-bootstrap-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- project: ft0-prod-iac-core-0
- timeouts: null
- module.factory.module.service-accounts["iac-0/iac-bootstrap-ro"].google_service_account.service_account[0]:
- account_id: iac-bootstrap-ro
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: IaC service account for bootstrap (read-only).
- email: iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- member: serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- project: ft0-prod-iac-core-0
- timeouts: null
- module.factory.module.service-accounts["iac-0/iac-bootstrap-rw"].google_service_account.service_account[0]:
- account_id: iac-bootstrap-rw
- create_ignore_already_exists: null
- description: null
- disabled: false
- display_name: IaC service account for bootstrap (read-write).
- email: iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- member: serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- project: ft0-prod-iac-core-0
- timeouts: null
module.factory.module.service-accounts["iac-0/iac-dp-dev-ro"].google_service_account.service_account[0]:
account_id: iac-dp-dev-ro
create_ignore_already_exists: null
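Review bot: the four removed accounts (`iac-bootstrap-cicd-ro`, `iac-bootstrap-cicd-rw`, `iac-bootstrap-ro`, `iac-bootstrap-rw`) are dropped outright, with no alias or transition period visible here. Anything outside this configuration that references the old e-mail addresses, such as pipeline configuration, provider files or impersonation settings, stops working once they are deleted. Please list the old and new e-mail addresses side by side in the upgrade notes so operators can search for leftovers before applying.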
@@ -1446,6 +1406,46 @@ values:
member: serviceAccount:iac-networking-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
+ module.factory.module.service-accounts["iac-0/iac-org-cicd-ro"].google_service_account.service_account[0]:
+ account_id: iac-org-cicd-ro
+ create_ignore_already_exists: null
+ description: null
+ disabled: false
+ display_name: IaC service account for org setup CI/CD (read-only).
+ email: iac-org-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ member: serviceAccount:iac-org-cicd-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ project: ft0-prod-iac-core-0
+ timeouts: null
+ module.factory.module.service-accounts["iac-0/iac-org-cicd-rw"].google_service_account.service_account[0]:
+ account_id: iac-org-cicd-rw
+ create_ignore_already_exists: null
+ description: null
+ disabled: false
+ display_name: IaC service account for org setup CI/CD (read-write).
+ email: iac-org-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ member: serviceAccount:iac-org-cicd-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ project: ft0-prod-iac-core-0
+ timeouts: null
+ module.factory.module.service-accounts["iac-0/iac-org-ro"].google_service_account.service_account[0]:
+ account_id: iac-org-ro
+ create_ignore_already_exists: null
+ description: null
+ disabled: false
+ display_name: IaC service account for org setup (read-only).
+ email: iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ member: serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ project: ft0-prod-iac-core-0
+ timeouts: null
+ module.factory.module.service-accounts["iac-0/iac-org-rw"].google_service_account.service_account[0]:
+ account_id: iac-org-rw
+ create_ignore_already_exists: null
+ description: null
+ disabled: false
+ display_name: IaC service account for org setup (read-write).
+ email: iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ member: serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ project: ft0-prod-iac-core-0
+ timeouts: null
module.factory.module.service-accounts["iac-0/iac-pf-ro"].google_service_account.service_account[0]:
account_id: iac-pf-ro
create_ignore_already_exists: null
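Review bot: all four new accounts keep `description: null`, and the only hint at their purpose is the `display_name`. A one-line description on the two `iac-org-cicd-*` accounts saying which account each one is allowed to impersonate would make an IAM audit of `ft0-prod-iac-core-0` easier, since the `-ro`/`-rw` pairing is otherwise only visible in the separate service account IAM resources.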
@@ -1506,18 +1506,18 @@ values:
member: serviceAccount:iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
project: ft0-prod-iac-core-0
timeouts: null
- module.factory.module.service_accounts-iam["iac-0/iac-bootstrap-cicd-ro"].data.google_service_account.service_account[0]:
- account_id: iac-bootstrap-cicd-ro
- ? module.factory.module.service_accounts-iam["iac-0/iac-bootstrap-cicd-ro"].google_service_account_iam_member.additive["$service_account_ids:iac-0/iac-bootstrap-ro-roles/iam.workloadIdentityUser"]
+ module.factory.module.service_accounts-iam["iac-0/iac-org-cicd-ro"].data.google_service_account.service_account[0]:
+ account_id: iac-org-cicd-ro
+ ? module.factory.module.service_accounts-iam["iac-0/iac-org-cicd-ro"].google_service_account_iam_member.additive["$service_account_ids:iac-0/iac-org-ro-roles/iam.workloadIdentityUser"]
: condition: []
role: roles/iam.workloadIdentityUser
- service_account_id: projects/ft0-prod-iac-core-0/serviceAccounts/iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- module.factory.module.service_accounts-iam["iac-0/iac-bootstrap-cicd-rw"].data.google_service_account.service_account[0]:
- account_id: iac-bootstrap-cicd-rw
- ? module.factory.module.service_accounts-iam["iac-0/iac-bootstrap-cicd-rw"].google_service_account_iam_member.additive["$service_account_ids:iac-0/iac-bootstrap-rw-roles/iam.workloadIdentityUser"]
+ service_account_id: projects/ft0-prod-iac-core-0/serviceAccounts/iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ module.factory.module.service_accounts-iam["iac-0/iac-org-cicd-rw"].data.google_service_account.service_account[0]:
+ account_id: iac-org-cicd-rw
+ ? module.factory.module.service_accounts-iam["iac-0/iac-org-cicd-rw"].google_service_account_iam_member.additive["$service_account_ids:iac-0/iac-org-rw-roles/iam.workloadIdentityUser"]
: condition: []
role: roles/iam.workloadIdentityUser
- service_account_id: projects/ft0-prod-iac-core-0/serviceAccounts/iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ service_account_id: projects/ft0-prod-iac-core-0/serviceAccounts/iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
module.factory.terraform_data.defaults_preconditions:
input: null
output: null
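Review bot: the two `roles/iam.workloadIdentityUser` grants in this hunk only record `condition`, `role` and `service_account_id`, so the grantee is visible only through the resource address (`iac-org-cicd-ro` for `iac-org-ro`, `iac-org-cicd-rw` for `iac-org-rw`). The pairing looks correct after the rename, but the inventory would not catch a read-only CI/CD account being pointed at the `-rw` target by a wrong `member`. If the member value is known at plan time, consider asserting it here as well.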
@@ -2190,7 +2190,7 @@ values:
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/accesscontextmanager.policyAdmin"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/accesscontextmanager.policyAdmin
@@ -2214,8 +2214,8 @@ values:
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/cloudasset.viewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-security-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-vpcsc-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
- serviceAccount:iac-vpcsc-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
@@ -2262,63 +2262,63 @@ values:
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/essentialcontacts.admin"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/essentialcontacts.admin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/essentialcontacts.viewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/essentialcontacts.viewer
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/iam.organizationRoleAdmin"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/iam.organizationRoleAdmin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/iam.organizationRoleViewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/iam.organizationRoleViewer
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/iam.workforcePoolAdmin"]:
condition: []
members:
- group:fabric-fast-owners@google.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/iam.workforcePoolAdmin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/iam.workforcePoolViewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/iam.workforcePoolViewer
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/logging.admin"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/logging.admin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/logging.viewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/logging.viewer
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/orgpolicy.policyAdmin"]:
condition: []
members:
- group:fabric-fast-owners@google.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/orgpolicy.policyAdmin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/orgpolicy.policyViewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/orgpolicy.policyViewer
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/owner"]:
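Review bot: in several of the organization-level bindings in this hunk `iac-org-rw` is the sole member (`roles/essentialcontacts.admin`, `roles/iam.organizationRoleAdmin`, `roles/logging.admin`), while others also list `group:fabric-fast-owners@google.com`. Because these are authoritative bindings, an upgrade that removes `iac-bootstrap-rw` and then fails before `iac-org-rw` is usable leaves those roles with no working member. Either document the recovery path through the owners group, or explain why the group is not needed on these roles.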
@@ -2331,58 +2331,58 @@ values:
condition: []
members:
- group:fabric-fast-owners@google.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.folderAdmin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/resourcemanager.folderViewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.folderViewer
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/resourcemanager.organizationAdmin"]:
condition: []
members:
- group:fabric-fast-owners@google.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.organizationAdmin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/resourcemanager.projectCreator"]:
condition: []
members:
- group:fabric-fast-owners@google.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.projectCreator
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/resourcemanager.projectMover"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.projectMover
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/resourcemanager.tagAdmin"]:
condition: []
members:
- group:fabric-fast-owners@google.com
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.tagAdmin
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/resourcemanager.tagUser"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-rw@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.tagUser
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/resourcemanager.tagViewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/resourcemanager.tagViewer
module.organization-iam[0].google_organization_iam_binding.authoritative["roles/serviceusage.serviceUsageViewer"]:
condition: []
members:
- - serviceAccount:iac-bootstrap-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
+ - serviceAccount:iac-org-ro@ft0-prod-iac-core-0.iam.gserviceaccount.com
org_id: '1234567890'
role: roles/serviceusage.serviceUsageViewer
module.organization-iam[0].google_organization_iam_binding.bindings["pf_org_policy_admin"]:
diff --git a/tests/fast/stages/s0_bootstrap/tftest.yaml b/tests/fast/stages/s0_org_setup/tftest.yaml
similarity index 88%
rename from tests/fast/stages/s0_bootstrap/tftest.yaml
rename to tests/fast/stages/s0_org_setup/tftest.yaml
index a1bc8f50e..3637945ae 100644
--- a/tests/fast/stages/s0_bootstrap/tftest.yaml
+++ b/tests/fast/stages/s0_org_setup/tftest.yaml
@@ -13,11 +13,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-module: fast/stages/0-bootstrap
+module: fast/stages/0-org-setup
tests:
# TODO: rename to simple once fast lint setup accepts extra dirs
not-simple:
inventory:
- not-simple.yaml
extra_dirs:
- - ../../../tests/fast/stages/s0_bootstrap/data-simple
+ - ../../../tests/fast/stages/s0_org_setup/data-simple
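Review bot: `extra_dirs` now points at `tests/fast/stages/s0_org_setup/data-simple`, but the diff shown for this file only covers the rename of `tftest.yaml` itself. Please confirm the `data-simple` directory and `not-simple.yaml` move in the same change, otherwise the test fails on a missing path. The TODO about renaming `not-simple` to `simple` is also still open and could be tracked in an issue rather than carried across the rename.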